Commit a4a617b6 authored by security tracker role

automatic update

parent 32729147
CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the standard ...)
TODO: check
CVE-2018-XXXX [wordpress: Don't treat localhost as same host by default]
- wordpress <unfixed> (bug #895034)
NOTE: https://core.trac.wordpress.org/changeset/42894
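Review bot: the `TODO: check` on CVE-2018-9838 should be resolved to a package line rather than left as a placeholder: the description names `byterun/bigarray.c`, which is the OCaml runtime, and OCaml is packaged in Debian, so this entry needs a `- ocaml <version>` line (or a `<not-affected>` annotation with a reason) once the affected versions are confirmed. The CVE-2018-XXXX wordpress entry below it is fine as a provisional id, but it should be revisited when the real CVE is assigned.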
......@@ -1038,25 +1040,25 @@ CVE-2018-9326
CVE-2018-9325
RESERVED
CVE-2018-9324
RESERVED
REJECTED
CVE-2018-9323
RESERVED
REJECTED
CVE-2018-9322
RESERVED
CVE-2018-9321
RESERVED
REJECTED
CVE-2018-9320
RESERVED
CVE-2018-9319
RESERVED
REJECTED
CVE-2018-9318
RESERVED
CVE-2018-9317
RESERVED
REJECTED
CVE-2018-9316
RESERVED
REJECTED
CVE-2018-9315
RESERVED
REJECTED
CVE-2018-9314
RESERVED
CVE-2018-9313
......@@ -4033,6 +4035,7 @@ CVE-2018-8090
CVE-2018-8089
RESERVED
CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...)
{DLA-1342-1}
- libslf4j-java 1.7.25-3 (bug #893684)
NOTE: https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
NOTE: https://jira.qos.ch/browse/SLF4J-430
......@@ -5506,18 +5509,22 @@ CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x befo
CVE-2018-7555
RESERVED
CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...)
{DLA-1340-1}
- sam2p <removed>
[jessie] - sam2p <ignored> (Consider removal in next point release)
NOTE: https://github.com/pts/sam2p/issues/29
CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
{DLA-1340-1}
- sam2p <removed>
[jessie] - sam2p <ignored> (Consider removal in next point release)
NOTE: https://github.com/pts/sam2p/issues/32
CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...)
{DLA-1340-1}
- sam2p <removed>
[jessie] - sam2p <ignored> (Consider removal in next point release)
NOTE: https://github.com/pts/sam2p/issues/30
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...)
{DLA-1340-1}
- sam2p <removed>
[jessie] - sam2p <ignored> (Consider removal in next point release)
NOTE: https://github.com/pts/sam2p/issues/28
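Review bot: adding `{DLA-1340-1}` to the four sam2p entries (CVE-2018-7554, -7553, -7552, -7551) leaves each of them with a contradictory `[jessie] - sam2p <ignored> (Consider removal in next point release)` line: once a DLA has been issued for jessie the jessie state is no longer ignored, so those four `[jessie]` lines should be dropped in the same change (or the DLA reference removed if it was recorded in error).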
......@@ -5665,8 +5672,8 @@ CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API
NOT-FOR-US: OSIsoft PI
CVE-2018-7507
RESERVED
CVE-2018-7506
RESERVED
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
TODO: check
CVE-2018-7505
RESERVED
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
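Review bot: CVE-2018-7506 should get `NOT-FOR-US: Moxa MXview` instead of `TODO: check`; the description identifies a proprietary Moxa product, matching the way the neighbouring OSIsoft PI entries in this hunk are handled.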
......@@ -5729,6 +5736,7 @@ CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5
CVE-2018-7488
RESERVED
CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function of ...)
{DLA-1340-1}
- sam2p <removed>
[jessie] - sam2p <ignored> (Consider removal in next point release)
NOTE: https://github.com/pts/sam2p/issues/18
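Review bot: same inconsistency as the other sam2p entries in this update: `{DLA-1340-1}` is added for CVE-2018-7487 while the `[jessie] - sam2p <ignored>` line is kept, so the jessie state reads as both fixed by DLA and ignored; remove the `[jessie]` line along with the others.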
......@@ -8836,10 +8844,10 @@ CVE-2017-18100
RESERVED
CVE-2017-18099
RESERVED
CVE-2017-18098
RESERVED
CVE-2017-18097
RESERVED
CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1 ...)
TODO: check
CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before version ...)
TODO: check
CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...)
NOT-FOR-US: Atlassian Application Links
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
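Review bot: CVE-2017-18098 and CVE-2017-18097 both describe Atlassian Jira, which is not packaged in Debian, so they should be marked `NOT-FOR-US: Atlassian Jira` rather than left at `TODO: check`, consistent with the `NOT-FOR-US: Atlassian Application Links` line for CVE-2017-18096 in the same hunk.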
......@@ -22776,12 +22784,12 @@ CVE-2018-1274
RESERVED
CVE-2018-1273
RESERVED
CVE-2018-1272
RESERVED
CVE-2018-1271
RESERVED
CVE-2018-1270
RESERVED
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
TODO: check
CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
TODO: check
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
TODO: check
CVE-2018-1269
RESERVED
CVE-2018-1268
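Review bot: the three Spring Framework entries (CVE-2018-1272, -1271, -1270) all carry the same affected range ("5.0 prior to 5.0.5 and 4.3 prior ...") and all sit at `TODO: check`; Spring Framework is packaged in Debian (source package libspring-java), so these need a triage pass against the packaged version and should end up with a package line each, not `NOT-FOR-US`.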
......@@ -34550,6 +34558,7 @@ CVE-2017-14451
RESERVED
CVE-2017-14450 [Simple DirectMedia Layer SDL2_Image LWZ Decompression Buffer Overflow Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
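Review bot: `{DLA-1341-1}` is inserted between the `RESERVED` marker and the package lines for CVE-2017-14450; with a DLA published and fixed versions recorded for both libsdl2-image and sdl-image1.2, the entry is no longer an unpublished placeholder, and the `RESERVED` line should be replaced by the MITRE description as soon as it is available so the entry is not read as unpublished. The same applies to the other SDL2_image entries touched in this update.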
......@@ -34562,6 +34571,7 @@ CVE-2017-14449 [Simple DirectMedia Layer SDL2_image do_layer_surface Double-Free
NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
CVE-2017-14448 [Simple DirectMedia Layer SDL2_image load_xcf_tile_rle Decompression Code Execution Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
......@@ -34578,18 +34588,21 @@ CVE-2017-14443
RESERVED
CVE-2017-14442 [Simple DirectMedia Layer SDL2_image Image Palette Population Code Execution Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
CVE-2017-14441 [Simple DirectMedia Layer SDL2_image ICO Pitch Handling Code Execution Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
CVE-2017-14440 [Simple DirectMedia Layer SDL2_image ILBM CMAP Parsing Code Execution Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
......@@ -41546,6 +41559,7 @@ CVE-2017-12123
RESERVED
CVE-2017-12122 [Simple DirectMedia Layer SDL2_Image IMG_LoadLBM_RW Code Execution Vulnerability]
RESERVED
{DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
- sdl-image1.2 1.2.12-8
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
......@@ -129185,7 +129199,7 @@ CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remo
NOTE: Not a real security feature according the manpage and upstream
CVE-2015-1418 (The do_ed_script function in pch.c in GNU patch through 2.7.6, and ...)
NOT-FOR-US: patch as used in FreeBSD specifically
CVE-2018-1000156 [input validation vulnerability when processing patch files]
CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation vulnerability ...)
- patch 2.7.6-2 (bug #894993)
NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
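Review bot: CVE-2018-1000156 now has a proper description, but the entry still records only the unstable fix (`patch 2.7.6-2`); it needs `[stretch]` and `[jessie]` lines stating whether a DSA/DLA is planned or a `<no-dsa>` reason, since the description says 2.7.6 is affected and both stable releases ship `patch`.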
......@@ -145120,8 +145134,8 @@ CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allo
NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices
CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 ...)
NOT-FOR-US: VMTurbo Operations Manager
CVE-2014-5072
RESERVED
CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit ...)
TODO: check
CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...)
NOT-FOR-US: Symmetricom
CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...)
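Review bot: CVE-2014-5072 is a CSRF in the "WP Security Audit ..." WordPress plugin; unless that plugin is packaged in Debian (it does not appear to be), the entry should be marked `NOT-FOR-US: WP Security Audit Log WordPress plugin` rather than staying at `TODO: check`, as the neighbouring non-packaged entries in this hunk are.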
......@@ -145207,8 +145221,8 @@ CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through
- eucalyptus <removed>
CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...)
NOT-FOR-US: Opendaylight
CVE-2014-5034
RESERVED
CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force ...)
TODO: check
CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...)
- gitlist <itp> (bug #750368)
CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...)
......@@ -149132,8 +149146,7 @@ CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
CVE-2014-3540
REJECTED
CVE-2014-3539 [pickle.load of remotely supplied data with no authentication required]
RESERVED
CVE-2014-3539 (base/oi/doa.py in the Rope library in CPython (aka Python) allows ...)
- rope 0.10.3-1 (bug #777525)
[jessie] - rope <no-dsa> (Minor issue)
[squeeze] - rope <no-dsa> (Minor issue)
......@@ -152484,8 +152497,8 @@ CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Module
NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2359
RESERVED
CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ...)
TODO: check
CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Fox-IT Fox DataDiode
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
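Review bot: CVE-2014-2359 describes OleumTech Wireless Sensor Network devices and should carry `NOT-FOR-US: OleumTech Wireless Gateway`, exactly like CVE-2014-2361 and CVE-2014-2360 immediately above it in this hunk, instead of `TODO: check`.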
......@@ -155890,8 +155903,7 @@ CVE-2014-1228
RESERVED
CVE-2014-1227
RESERVED
CVE-2014-1226
RESERVED
CVE-2014-1226 (The pipe_init_terminal function in main.c in s3dvt allows local users ...)
- s3d 0.2.2-13 (unimportant)
NOTE: http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
NOTE: Additional patch hunk applied in 0.2.2-11 (experimental) only
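Review bot: the description for CVE-2014-1226 is filled in, but the entry still pairs a fixed version of `s3d 0.2.2-13` with a NOTE saying the additional patch hunk was applied in 0.2.2-11 (experimental) only; it is worth confirming that 0.2.2-13 actually carries that extra hunk, and if so updating the NOTE so the two statements agree.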
......@@ -159791,8 +159803,7 @@ CVE-2013-6878
NOT-FOR-US: MijoSearch
CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 ...)
NOT-FOR-US: RealPlayer
CVE-2013-6876
RESERVED
CVE-2013-6876 (The (1) pty_init_terminal and (2) pipe_init_terminal functions in ...)
- s3d 0.2.2-9 (unimportant)
NOTE: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
NOTE: Not running with elevated privileges in Debian packaging