Commits on Source (2)
......@@ -286,6 +286,8 @@ CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
NOT-FOR-US: dsmall
CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...)
- tiff <unfixed> (bug #893806)
[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
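Review bot: the [stretch] and [jessie] <postponed> lines for CVE-2018-8905 defer a heap-based buffer overflow while the only NOTE under the entry is the upstream bug report, with no fix commit recorded. Add a NOTE with the upstream patch once one exists, so the entry is actionable when the next tiff DSA is prepared.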
......@@ -338,13 +340,19 @@ CVE-2016-10717 (A vulnerability in the encryption and permission implementation
CVE-2018-8884
RESERVED
CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...)
- nasm <unfixed>
- nasm <unfixed> (low)
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447
CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read ...)
- nasm <unfixed>
- nasm <unfixed> (low)
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445
CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...)
- nasm <unfixed>
- nasm <unfixed> (low)
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
CVE-2018-8880
RESERVED
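Review bot: the three nasm entries (CVE-2018-8883, CVE-2018-8882, CVE-2018-8881) stay <unfixed> for unstable with no Debian bug reference, unlike the tiff entry earlier in this diff, which carries (bug #893806). File a bug against the package and add its number next to "- nasm <unfixed> (low)" so the fix is tracked. The identical "Minor issue" reason on all six [stretch]/[jessie] lines would also read better with a short per-CVE rationale, since the three descriptions name different read errors (buffer over-read, stack-based under-read, heap-based over-read).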
......@@ -4838,13 +4846,17 @@ CVE-2018-7187 (The &quot;go get&quot; implementation in Go 1.9.4, when the -inse
NOTE: https://github.com/golang/go/issues/23867
NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote ...)
- ntp 1:4.2.8p11+dfsg-1
- ntp 1:4.2.8p11+dfsg-1 (low)
[stretch] - ntp <no-dsa> (Minor issue)
[jessie] - ntp <no-dsa> (Minor issue)
- ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...)
- ntp 1:4.2.8p11+dfsg-1
- ntp 1:4.2.8p11+dfsg-1 (low)
[stretch] - ntp <no-dsa> (Minor issue)
[jessie] - ntp <no-dsa> (Minor issue)
- ntpsec <not-affected> (Issue not present)
NOTE: http://www.kb.cert.org/vuls/id/961909
NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
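Review bot: the description of CVE-2018-7185 begins "allows a remote ...", yet the [stretch] and [jessie] lines under it give only the generic "Minor issue" as the <no-dsa> reason, and CVE-2018-7184 gets the same wording. State the limiting condition in the reason, or add a NOTE pointing at the part of the upstream notice that justifies the (low) urgency, so the triage can be rechecked later without rereading the advisories.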
......@@ -7198,6 +7210,7 @@ CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripti
NOT-FOR-US: Croogo
CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) ...)
- dolibarr <removed>
[jessie] - dolibarr <ignored> (Scheduled for removal)
NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
NOT-FOR-US: Invoice Plane
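Review bot: the reason "Scheduled for removal" on the [jessie] dolibarr line does not say where that removal is tracked. Add the removal request's bug number to the reason or as a NOTE, so the <ignored> state can be revisited if the removal does not happen.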
......@@ -85,6 +85,8 @@ sharutils (luciano)
Maintainer proposed debdiff for review for stretch-security.
Pending request back for jessie-security
--
squirrelmail/oldstable
--
sqlite3/oldstable
--
sssd/stable
......