Diffstat (limited to 'data/CVE/2018.list')
-rw-r--r-- | data/CVE/2018.list | 2208 |
1 files changed, 1187 insertions, 1021 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 97cc50d808..8d31324b2a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -1,45 +1,158 @@ +CVE-2018-25030 + RESERVED +CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...) + NOT-FOR-US: Z-Wave specification +CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) + NOT-FOR-US: Rust crate libpulse-binding +CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) + NOT-FOR-US: Rust crate libpulse-binding +CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...) + - rust-smallvec 1.1.0-1 + [buster] - rust-smallvec <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html + NOTE: https://github.com/servo/rust-smallvec/issues/126 +CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...) + - libtoxcore 0.2.2-1 + NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release + NOTE: https://github.com/TokTok/c-toxcore/issues/873 + NOTE: https://github.com/TokTok/c-toxcore/pull/872 +CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the TCP pri ...) + - libtoxcore 0.2.8-1 + NOTE: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ + NOTE: https://github.com/TokTok/c-toxcore/issues/1214 + NOTE: https://github.com/TokTok/c-toxcore/pull/1216 +CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...) 
+ - linux 4.17.3-1 + NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7) +CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...) + NOT-FOR-US: WordPress plugin +CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...) + - unrar-nonfree 1:5.6.6-1 (bug #990541) + [stretch] - unrar-nonfree <no-dsa> (Non-free not supported) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml +CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...) + - darktable 2.6.0-1 + [stretch] - darktable <not-affected> (Vulnerable code added later) + - photoflow <not-affected> (Fixed before initial upload to the archive) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256 + NOTE: https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml + NOTE: darktable 2.6.0 is the first release to bundle rawspeed 3.2 with the fixes +CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...) + NOT-FOR-US: Greenbone Security Assistant +CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. There is a ...) + - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 + NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f +CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 +CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) 
+ {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 +CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ +CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 +CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0 +CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/ +CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...) + - rustc 1.29.0+dfsg1-1 + NOTE: https://github.com/rust-lang/rust/issues/51780 + NOTE: https://github.com/rust-lang/rust/pull/52031 +CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...) + NOT-FOR-US: Vaadin +CVE-2018-25006 + RESERVED +CVE-2018-25005 + RESERVED +CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...) 
+ - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-38275 +CVE-2018-25003 + RESERVED +CVE-2018-25002 (uploader.php in the KCFinder integration project through 2018-06-01 fo ...) + NOT-FOR-US: KCFinder integration project for Drupal +CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5.0 for ...) + NOT-FOR-US: libpulse-binding rust crate +CVE-2018-21270 (Versions less than 0.0.6 of the Node.js stringstream module are vulner ...) + - node-stringstream 0.0.6-1 + NOTE: https://github.com/mhart/StringStream/issues/7 + NOTE: https://hackerone.com/reports/321670 +CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...) + - openrc <unfixed> (bug #973245) + [bullseye] - openrc <no-dsa> (Minor issue) + [buster] - openrc <no-dsa> (Minor issue) + [stretch] - openrc <no-dsa> (Minor issue) + NOTE: https://github.com/OpenRC/openrc/issues/201 + NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml + NOTE: https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335 CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...) NOT-FOR-US: Node traceroute CVE-2018-21267 - RESERVED + REJECTED CVE-2018-21266 - RESERVED + REJECTED CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...) - NOT-FOR-US: Mattermost + - mattermost-desktop <itp> (bug #831861) CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and ...) 
- NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...) - NOT-FOR-US: Mattermost + - mattermost-server <itp> (bug #823556) CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...) {DSA-4383-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 @@ -78,18 +191,16 @@ CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system befor NOT-FOR-US: Foxit E-mail advertising system CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...) - jodd <unfixed> (bug #961298) - [buster] - jodd <no-dsa> (Minor issue) + [buster] - jodd <ignored> (Minor issue; upstream fix needs changes in rdeps and none present in Buster) NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 NOTE: https://github.com/oblac/jodd/issues/628 CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...) - tensorflow <itp> (bug #804612) CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...) - - re2c <unfixed> - [buster] - re2c <no-dsa> (Minor issue) - [stretch] - re2c <no-dsa> (Minor issue) - [jessie] - re2c <no-dsa> (Minor issue) + - re2c <unfixed> (unimportant) NOTE: https://github.com/skvadrik/re2c/issues/219 NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2 + NOTE: Crash im CLI tool, no security impact CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) 
@@ -483,12 +594,13 @@ CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...) NOT-FOR-US: Sails.js CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...) - - qtwebsockets-opensource-src <unfixed> (low; bug #953049) - [buster] - qtwebsockets-opensource-src <ignored> (Minor issue) + - qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049) + [buster] - qtwebsockets-opensource-src <ignored> (Minor issue, fix adds new API only) [stretch] - qtwebsockets-opensource-src <ignored> (Minor issue) [jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-70693 NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 + NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93 CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) NOT-FOR-US: Argo CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...) @@ -498,6 +610,7 @@ CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and H CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...) NOT-FOR-US: Plex Media Server CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...) + {DLA-2432-1} - jupyter-notebook 5.7.4-1 NOTE: https://github.com/jupyter/notebook/pull/3341 CVE-2018-21029 (** DISPUTED ** systemd 239 through 245 accepts any certificate signed ...) 
@@ -529,23 +642,26 @@ CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information di CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...) NOT-FOR-US: Mastodon CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. ...) - [experimental] - gpac <unfixed> (bug #940855) + [experimental] - gpac 1.0.1+dfsg1-1 (bug #940855) - gpac <not-affected> (Vulnerable code introduced in 0.6.0) NOTE: https://github.com/gpac/gpac/issues/1183 NOTE: Introduced in https://github.com/gpac/gpac/commit/6cfd65819add78426d9635e3f8358f8bc149b645 (v0.6.0) - NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.) + NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.0) CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 ...) {DLA-2072-1} - - gpac <unfixed> (bug #940882) + - gpac 1.0.1+dfsg1-2 (bug #940882) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1180 NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13 CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...) {DLA-2072-1} - - gpac <unfixed> (bug #940882) + - gpac 1.0.1+dfsg1-2 (bug #940882) [buster] - gpac <no-dsa> (Minor issue) [stretch] - gpac <no-dsa> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1179 NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...) 
@@ -860,7 +976,7 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV da CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...) NOT-FOR-US: DrayTek routers CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...) - - gridengine <undetermined> + - gridengine <not-affected> (Vulnerable code specific to Univa Grid Engine fork) CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...) NOT-FOR-US: cPanel CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...) @@ -988,7 +1104,8 @@ CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There i - linux 5.2.6-1 NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...) - - node-tar-fs <itp> (bug #897023) + - node-tar-fs <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2 (v1.16.2) CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding ...) - node-tar 4.4.4+ds1-2 [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support, minor issue) 
@@ -1018,13 +1135,14 @@ CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allo CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...) NOT-FOR-US: Xiaomi Mi 5s devices CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2671 NOTE: Possibly introduced after https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57 (3.4.7) + NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/sass/libsass/issues/2658 
@@ -1072,19 +1190,35 @@ CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS vi [stretch] - phamm <no-dsa> (Minor issue) [jessie] - phamm <no-dsa> (Minor issue) NOTE: https://github.com/lota/phamm/issues/24 -CVE-2018-20805 - RESERVED -CVE-2018-20804 - RESERVED -CVE-2018-20803 - RESERVED -CVE-2018-20802 - RESERVED +CVE-2018-20805 (A user authorized to perform database queries may trigger denial of se ...) + - mongodb <removed> + [stretch] - mongodb <not-affected> (Vulnerable code introduced later) + NOTE: https://jira.mongodb.org/browse/SERVER-38164 + NOTE: https://github.com/mongodb/mongo/commit/66316884a4b1180a8cceb6381e3c51e56586fc3e (v3.6.10, SSPL) + NOTE: Introduced by: https://github.com/mongodb/mongo/commit/f77527a942347313e2848e050e89480bc3cadb95 (v3.5.4) +CVE-2018-20804 (A user authorized to perform database queries may trigger denial of se ...) + - mongodb <removed> + [stretch] - mongodb <not-affected> (Vulnerable code introduced later) + NOTE: https://jira.mongodb.org/browse/SERVER-35636 + NOTE: https://github.com/mongodb/mongo/commit/736d214fe2b1ad7cd9b57c05571b53628124668e (v3.6.13, SSPL) + NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c (v3.5.10) +CVE-2018-20803 (A user authorized to perform database queries may trigger denial of se ...) + - mongodb <removed> + [stretch] - mongodb <postponed> (Minor issue, authenticated DoS) + NOTE: https://jira.mongodb.org/browse/SERVER-38070 + NOTE: https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf (v3.4.19, AGPL) + NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879 (v3.1.7) +CVE-2018-20802 (A user authorized to perform database queries may trigger denial of se ...) 
+ - mongodb <removed> + [stretch] - mongodb <not-affected> (Vulnerable code introduced later) + NOTE: https://jira.mongodb.org/browse/SERVER-36993 + NOTE: https://github.com/mongodb/mongo/commit/2b4634bb6512c5345de2ab8f698a687c6cec9973 (v3.6.9, AGPL) + NOTE: Introduced by: https://github.com/mongodb/mongo/commit/2f3b96e636329b68809bc63b681a862e3d3bccd5 (v3.6) CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...) NOT-FOR-US: Highcharts JS CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...) - otrs2 6.0.14-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3 @@ -1095,11 +1229,9 @@ CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...) NOT-FOR-US: pfSense CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...) - - libpodofo <unfixed> (low; bug #923415) - [buster] - libpodofo <no-dsa> (Minor issue) - [stretch] - libpodofo <no-dsa> (Minor issue) - [jessie] - libpodofo <no-dsa> (Minor issue) + - libpodofo <unfixed> (unimportant; bug #923415) NOTE: https://sourceforge.net/p/podofo/tickets/34/ + NOTE: Negligible security impact CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...) - glibc <unfixed> (unimportant) - eglibc <removed> (unimportant) 
@@ -1260,7 +1392,7 @@ CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively conve CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. ...) NOT-FOR-US: UC Berkeley RISE Opaque CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20741 RESERVED CVE-2018-20740 @@ -1305,8 +1437,8 @@ CVE-2018-20725 (A cross-site scripting (XSS) vulnerability exists in graph_templ NOTE: https://github.com/Cacti/cacti/issues/2214 CVE-2018-20724 (A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ...) - cacti 1.2.1+ds1-1 (low) - [stretch] - cacti <no-dsa> (Minor issue) - [jessie] - cacti <ignored> (Minor issue) + [stretch] - cacti <not-affected> (Vulnerable code introduced in 1.0.0) + [jessie] - cacti <not-affected> (Vulnerable code introduced in 1.0.0) NOTE: https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53 NOTE: https://github.com/Cacti/cacti/issues/2212 CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templates.p ...) @@ -1318,9 +1450,8 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ CVE-2018-20722 RESERVED CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...) - {DLA-1682-1} + {DLA-2834-1 DLA-1682-1} - uriparser 0.9.1-1 (low) - [stretch] - uriparser <no-dsa> (Minor issue) NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...) NOT-FOR-US: ABB Relion 630 devices 
@@ -1403,7 +1534,7 @@ CVE-2018-20688 CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...) NOT-FOR-US: Raritan CommandCenter Secure Gateway CVE-2018-20686 - RESERVED + REJECTED CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...) NOT-FOR-US: WinSCP CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...) @@ -1454,15 +1585,15 @@ CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...) - gitolite3 3.6.11-1 (bug #918849) [stretch] - gitolite3 <no-dsa> (Minor issue) 
@@ -1542,9 +1673,8 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Pl ...) NOT-FOR-US: Reporting Addon for CUBA Platform CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...) - {DLA-1706-1} + {DLA-2440-1 DLA-1706-1} - poppler 0.71.0-4 (low; bug #918158) - [stretch] - poppler <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9 CVE-2018-20661 @@ -1556,7 +1686,7 @@ CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom cl CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...) NOT-FOR-US: Core FTP CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...) - NOTE: Short-lived, small memleak, not considered a real bug by upstream + NOTE: Short-lived, small memleak, not considered a real bug by upstream NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 CVE-2018-20656 RESERVED 
@@ -1567,18 +1697,19 @@ CVE-2018-20654 CVE-2018-20653 RESERVED CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...) - NOT-FOR-US: tinyexr + - tinyexr <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/syoyo/tinyexr/issues/104 + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2018-20652-heap-buffer-overflow-in-function-tinyexrallocateimage-tinyexrh10302 CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f NOTE: binutils not covered by security support CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...) - {DLA-1939-1} + {DLA-2440-1 DLA-1939-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #917974) [buster] - poppler <ignored> (Minor issue) - [stretch] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704 CVE-2018-20649 @@ -1701,7 +1832,7 @@ CVE-2018-20595 (A CSRF issue was discovered in web/authorization/oauth2/controll CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerab ...) NOT-FOR-US: hsweb CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...) - - mxml <unfixed> (low; bug #924353) + - mxml 3.0-1 (low; bug #924353) [buster] - mxml <ignored> (Minor issue) [stretch] - mxml <ignored> (Minor issue) [jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool) 
@@ -1710,9 +1841,9 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overfl NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output) NOTE: https://github.com/michaelrsweet/mxml/issues/237 - NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely + NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely in 3.0, marking that version as fix CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...) - - mxml <unfixed> (low; bug #924353) + - mxml 3.0-1 (low; bug #924353) [buster] - mxml <ignored> (Minor issue) [stretch] - mxml <ignored> (Minor issue) [jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool) @@ -1721,7 +1852,7 @@ CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the m NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err (error output) NOTE: https://github.com/michaelrsweet/mxml/issues/237 - NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely + NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely in 3.0, marking that version as fix CVE-2018-20591 (A heap-based buffer over-read was discovered in decompileJUMP function ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/168 
@@ -1734,6 +1865,7 @@ CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0. CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...) - bitcoin <unfixed> NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 + NOTE: Documentation of issue: https://github.com/bitcoin/bitcoin/pull/15223 CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...) - bitcoin 0.17.1~dfsg-1 CVE-2018-20585 @@ -1836,12 +1968,12 @@ CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in pack NOTE: initial set of fixes got additional hardening, see: NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372 NOTE: https://github.com/appneta/tcpreplay/pull/584 -CVE-2018-1000893 - RESERVED -CVE-2018-1000892 - RESERVED -CVE-2018-1000891 - RESERVED +CVE-2018-1000893 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...) + NOT-FOR-US: Bitcoin SV +CVE-2018-1000892 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...) + NOT-FOR-US: Bitcoin SV +CVE-2018-1000891 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...) + NOT-FOR-US: Bitcoin SV CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...) - poppler 0.71.0-4 (low; bug #917525) [stretch] - poppler <ignored> (Minor issue) 
@@ -1943,7 +2075,7 @@ CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReferen NOTE: https://github.com/libLAS/libLAS/pull/183 NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9 CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...) - - nasm <unfixed> (unimportant; bug #918270) + - nasm 2.15.04-1 (unimportant; bug #918270) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 NOTE: Crash in CLI tool, no security impact CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...) @@ -2114,9 +2246,8 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8 NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19) CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...) - {DLA-1623-1} + {DLA-2830-1 DLA-1623-1} - tar 1.30+dfsg-3.1 (bug #917377) - [stretch] - tar <no-dsa> (Minor issue) NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug NOTE: https://news.ycombinator.com/item?id=18745431 NOTE: https://twitter.com/thatcks/status/1076166645708668928 @@ -2296,7 +2427,7 @@ CVE-2018-20423 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote CVE-2018-20422 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...) NOT-FOR-US: DiscuzX CVE-2018-20421 (Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of se ...) - NOT-FOR-US: Go Ethereum + - golang-github-go-ethereum <itp> (bug #890541) CVE-2018-20420 (In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access C ...) NOT-FOR-US: webERP CVE-2018-20419 (DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add a ...) 
@@ -2423,24 +2554,24 @@ CVE-2018-20367 (The "mall some commodity details: commodity consultation" compon CVE-2018-20366 RESERVED CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...) + {DLA-2903-1} - libraw 0.19.2-2 (bug #917111) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/195 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4 NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7 NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...) + {DLA-2903-1} - libraw 0.19.2-2 (bug #917112) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/194 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4 NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7 NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...) + {DLA-2903-1} - libraw 0.19.2-2 (bug #917113) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/193 NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4 
@@ -2459,10 +2590,9 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a NOTE: https://github.com/knik0/faad2/issues/30 NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...) - {DLA-1899-1} + {DLA-2792-1 DLA-1899-1} - faad2 2.8.8-3.1 (low) [buster] - faad2 <no-dsa> (Minor issue) - [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/32 NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54 CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...) @@ -2540,7 +2670,7 @@ CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL NOT-FOR-US: Zoho ManageEngine OpManager CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...) - libraw 0.19.2-1 (bug #917080) - [stretch] - libraw <no-dsa> (Minor issue) + [stretch] - libraw <not-affected> (Vulnerable code not present) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/192 CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...) 
@@ -2595,22 +2725,22 @@ CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulne NOT-FOR-US: Elixir Plug, different from src:elixir-lang CVE-2018-20317 RESERVED -CVE-2018-20316 - RESERVED -CVE-2018-20315 - RESERVED -CVE-2018-20314 - RESERVED -CVE-2018-20313 - RESERVED -CVE-2018-20312 - RESERVED -CVE-2018-20311 - RESERVED -CVE-2018-20310 - RESERVED -CVE-2018-20309 - RESERVED +CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader +CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...) + NOT-FOR-US: Foxit Reader CVE-2018-20308 RESERVED CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...) @@ -2772,7 +2902,7 @@ CVE-2018-1000826 (Microweber version <= 1.0.7 contains a Cross Site Scripting NOT-FOR-US: Microweber CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML External Entit ...) - freecol 0.11.6+dfsg2-3 (bug #917023; low) - [buster] - freecol <no-dsa> (Minor issue) + [buster] - freecol 0.11.6+dfsg2-2+deb10u1 [stretch] - freecol <no-dsa> (Minor issue) [jessie] - freecol <end-of-life> (Games are not supported) NOTE: https://github.com/FreeCol/freecol/issues/26 
@@ -2793,7 +2923,7 @@ CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross - grafana <removed> NOTE: https://github.com/grafana/grafana/issues/13667 CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...) - NOT-FOR-US: Brave Software Inc. Brave + - brave-browser <itp> (bug #864795) CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Un ...) NOT-FOR-US: aio-libs aiohttp-session CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...) @@ -2930,8 +3060,8 @@ CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) - airflow <itp> (bug #819700) CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...) - airflow <itp> (bug #819700) -CVE-2018-20243 - RESERVED +CVE-2018-20243 (The implementation of POST with the username and password in the URL p ...) + NOT-FOR-US: Apache Fineract CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...) - jspwiki <removed> CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and Crucibl ...) @@ -2990,9 +3120,8 @@ CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...) NOT-FOR-US: Teracue ENC-400 devices CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...) - {DLA-1643-1} + {DLA-2771-1 DLA-1643-1} - krb5 1.16.2-1 (low; bug #917387) - [stretch] - krb5 <no-dsa> (Minor issue) NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...) 
@@ -3038,10 +3167,9 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12 NOTE: https://github.com/square/okhttp/issues/4967 NOTE: No practicable security imapacting relevance CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...) - {DLA-1899-1} + {DLA-2792-1 DLA-1899-1} - faad2 2.8.8-3.1 (low) [buster] - faad2 <no-dsa> (Minor issue) - [stretch] - faad2 <no-dsa> (Minor issue) NOTE: https://github.com/knik0/faad2/issues/24 NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54 CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...) @@ -3481,8 +3609,8 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/ CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...) NOT-FOR-US: Frappe ERPNext CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...) + {DLA-2686-1} - python-urllib3 1.24-1 - [stretch] - python-urllib3 <no-dsa> (Minor issue) [jessie] - python-urllib3 <ignored> (Minor issue) NOTE: https://github.com/urllib3/urllib3/issues/1316 NOTE: https://github.com/urllib3/urllib3/pull/1346 @@ -3591,7 +3719,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> [stretch] - italc 1:3.0.3+dfsg1-1+deb9u1 - - veyon 4.1.4+repack1-1 + - veyon 4.1.4+repack1-1 NOTE: https://github.com/LibVNC/libvncserver/issues/253 NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858 NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ 
@@ -3685,17 +3813,17 @@ CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-accoun CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...) NOT-FOR-US: DomainMOD CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...) NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...) 
@@ -3837,40 +3965,40 @@ CVE-2018-19959 RESERVED CVE-2018-19958 RESERVED -CVE-2018-19957 - RESERVED -CVE-2018-19956 - RESERVED -CVE-2018-19955 - RESERVED -CVE-2018-19954 - RESERVED -CVE-2018-19953 - RESERVED -CVE-2018-19952 - RESERVED -CVE-2018-19951 - RESERVED -CVE-2018-19950 - RESERVED -CVE-2018-19949 - RESERVED +CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers has been ...) + NOT-FOR-US: QNAP +CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...) + NOT-FOR-US: QNAP +CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...) + NOT-FOR-US: QNAP +CVE-2018-19954 (The cross-site scripting vulnerability has been reported to affect ear ...) + NOT-FOR-US: QNAP +CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could allow remo ...) + NOT-FOR-US: QNAP +CVE-2018-19952 (If exploited, this SQL injection vulnerability could allow remote atta ...) + NOT-FOR-US: QNAP +CVE-2018-19951 (If exploited, this cross-site scripting vulnerability could allow remo ...) + NOT-FOR-US: QNAP +CVE-2018-19950 (If exploited, this command injection vulnerability could allow remote ...) + NOT-FOR-US: QNAP +CVE-2018-19949 (If exploited, this command injection vulnerability could allow remote ...) + NOT-FOR-US: QNAP CVE-2018-19948 (The vulnerability have been reported to affect earlier versions of Hel ...) NOT-FOR-US: QNAP CVE-2018-19947 (The vulnerability have been reported to affect earlier versions of Hel ...) NOT-FOR-US: QNAP CVE-2018-19946 (The vulnerability have been reported to affect earlier versions of Hel ...) NOT-FOR-US: QNAP -CVE-2018-19945 - RESERVED -CVE-2018-19944 - RESERVED -CVE-2018-19943 - RESERVED -CVE-2018-19942 - RESERVED -CVE-2018-19941 - RESERVED +CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP devices runni ...) + NOT-FOR-US: QNAP +CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability has be ...) 
+ NOT-FOR-US: QNAP +CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...) + NOT-FOR-US: QNAP +CVE-2018-19942 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...) + NOT-FOR-US: QNAP CVE-2018-19940 RESERVED CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...) @@ -4024,15 +4152,21 @@ CVE-2018-19884 CVE-2018-19883 RESERVED CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...) - - mupdf <unfixed> (unimportant) + - mupdf 1.15.0+ds1-1 (unimportant) + [buster] - mupdf <not-affected> (Vulnerable code introduced later) + [stretch] - mupdf <not-affected> (Vulnerable code introduced later) NOTE: Negligable security impact, crash in CLI tool NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342 NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=a7f7d91cdff8d303c11d458fa8b802776f73c8cc CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...) - - mupdf <unfixed> (unimportant) + - mupdf 1.15.0+ds1-1 (unimportant) + [buster] - mupdf <not-affected> (Vulnerable code introduced later) + [stretch] - mupdf <not-affected> (Vulnerable code introduced later) NOTE: Negligable security impact, crash in CLI tool NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342 NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=a7f7d91cdff8d303c11d458fa8b802776f73c8cc CVE-2018-19880 RESERVED CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...) 
@@ -4065,53 +4199,47 @@ CVE-2018-19875 CVE-2018-19874 RESERVED CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...) - {DSA-4374-1 DLA-1786-1 DLA-1627-1} + {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1} [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 (low) - qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003) - [stretch] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/238749/ NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8 CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...) + {DLA-2377-1 DLA-2376-1} - qtbase-opensource-src 5.11.2+dfsg-3 (low) - [stretch] - qtbase-opensource-src <no-dsa> (Minor issue) [jessie] - qtbase-opensource-src <no-dsa> (Minor issue) - qt4-x11 4:4.8.7+dfsg-18 - [stretch] - qt4-x11 <no-dsa> (Minor issue) [jessie] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-69449 NOTE: qt4-x11: POC doesn't crash on neither jessie nor stretch, it's possibly incomplete; patch applies though. CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...) - {DLA-1786-1} + {DLA-2377-1 DLA-1786-1} - qtimageformats-opensource-src 5.11.3-2 (low) [stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue) [jessie] - qtimageformats-opensource-src <postponed> (Minor issue) - qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003) - [stretch] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/237761/ NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65 CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...) 
- {DSA-4374-1 DLA-1786-1 DLA-1627-1} + {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1} [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 (low) - qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003) - [stretch] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/235998/ NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999 CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...) - {DLA-1786-1} + {DLA-2422-1 DLA-2377-1 DLA-1786-1} [experimental] - qtsvg-opensource-src 5.11.3-1 - qtsvg-opensource-src 5.11.3-2 (low) - [stretch] - qtsvg-opensource-src <no-dsa> (Minor issue) [jessie] - qtsvg-opensource-src <no-dsa> (Minor issue) - qt4-x11 4:4.8.7+dfsg-18 (low) - [stretch] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/234142/ NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335 
@@ -4187,15 +4315,13 @@ CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allo NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432 NOTE: https://github.com/radare/radare2/issues/12239 CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...) + {DLA-2525-1} - wavpack 5.1.0-5 (bug #915565) - [stretch] - wavpack <no-dsa> (Minor issue) - [jessie] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b NOTE: https://github.com/dbry/WavPack/issues/54 CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...) + {DLA-2525-1} - wavpack 5.1.0-5 (bug #915564) - [stretch] - wavpack <no-dsa> (Minor issue) - [jessie] - wavpack <no-dsa> (Minor issue) NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51 NOTE: https://github.com/dbry/WavPack/issues/53 CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...) @@ -4204,10 +4330,11 @@ CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_con NOTE: https://github.com/sass/libsass/issues/2657 NOTE: https://github.com/sass/libsass/pull/2767 CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2660 + NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable CVE-2018-19837 (In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...) - libsass 3.5.4+20180621~c0a6cf3-1 [stretch] - libsass <no-dsa> (Minor issue) 
@@ -4311,10 +4438,11 @@ CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexp CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...) NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM) CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2779 + NOTE: https://github.com/sass/libsass/commit/e94b5f91ec372a84be1f9c0da32cb6e0af0b99fe CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPre ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple substit ...) @@ -4343,9 +4471,8 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a u NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...) - {DLA-1604-1} + {DLA-2467-1} - lxml 4.2.5-1 - [stretch] - lxml <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5) CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...) NOT-FOR-US: HashiCorp Vault 
@@ -4369,6 +4496,8 @@ CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the functi - mupdf 1.15.0+ds1-1 (unimportant; bug #915137) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301 NOTE: No security impact, hang in GUI/CLI tool + NOTE: Not able to reproduce on buster or stretch + NOTE: upstream fix for bug #700301 may be incomplete CVE-2018-19776 RESERVED CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) @@ -4432,9 +4561,8 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer) NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) - {DLA-1632-1} + {DLA-2418-1 DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e @@ -4455,7 +4583,7 @@ CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer) NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...) - - nasm <unfixed> (unimportant; bug #915087) + - nasm 2.15.02-1 (unimportant; bug #915087) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528 NOTE: https://github.com/netwide-assembler/nasm/commit/3079f7966dbed4497e36d5067cbfd896a90358cb NOTE: Crash in CLI tool, no security impact 
@@ -4661,16 +4789,14 @@ CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put CVE-2018-19663 RESERVED CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) - [stretch] - libsndfile <ignored> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) @@ -4994,11 +5120,11 @@ CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe {DLA-1628-1} - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/182 -CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...) +CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...) {DLA-1628-1} - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/182 -CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...) +CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...) {DLA-1628-1} - jasper <removed> NOTE: https://github.com/mdadams/jasper/issues/182 
@@ -5250,13 +5376,12 @@ CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153 CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...) - {DSA-4353-1 DLA-1700-1 DLA-1608-1} + {DSA-4353-1 DLA-2866-1 DLA-1700-1 DLA-1608-1} - php7.3 7.3.0-1 (bug #913775) - php7.2 <removed> (bug #913835) - php7.0 <removed> (bug #913836) - php5 <removed> - uw-imap 8:2007f~dfsg-6 (bug #914632) - [stretch] - uw-imap <no-dsa> (Minor issue) NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76428 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77153 @@ -5343,8 +5468,8 @@ CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads bu NOT-FOR-US: GetSimpleCMS CVE-2018-19419 RESERVED -CVE-2018-19418 - RESERVED +CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution via comman ...) + NOT-FOR-US: Foxit PDF ActiveX CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...) NOT-FOR-US: Contiki-NG CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...) 
@@ -5564,8 +5689,10 @@ CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0. NOT-FOR-US: libansilove CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...) - jupyter-notebook 5.7.4-1 (bug #917408) + [stretch] - jupyter-notebook <not-affected> (Vulnerable code not present) NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648 CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...) + {DLA-2432-1} - jupyter-notebook 5.7.4-1 (bug #917409) NOTE: https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491 CVE-2018-19350 (In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwd ...) @@ -5840,10 +5967,10 @@ CVE-2018-19221 (An issue was discovered in LAOBANCMS 2.0. It allows SQL Injectio CVE-2018-19220 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...) NOT-FOR-US: LAOBANCMS CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...) - - libsass <undetermined> + NOTE: Bogus report for libsass NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643760 CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...) - - libsass <undetermined> + NOTE: Bogus report for libsass NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758 CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...) - ncurses 6.0+20170701-1 
@@ -5877,7 +6004,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe NOTE: Chromium and qtwebengine bundle the library, but not a security issue there CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...) - ncurses 6.1+20180210-3 (low) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses <ignored> (Minor issue) [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754 @@ -5964,7 +6091,7 @@ CVE-2018-19186 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2 CVE-2018-19185 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...) NOT-FOR-US: libIEC61850 CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to ...) - NOT-FOR-US: Go Ethereum + - golang-github-go-ethereum <itp> (bug #890541) CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm. ...) NOT-FOR-US: ethereumjs-vm CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...) 
@@ -6034,10 +6161,10 @@ CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...) NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...) - - poppler <unfixed> (unimportant; bug #914600) + - poppler 0.71.0-2 (unimportant; bug #914600) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/664 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3 - NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 + NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 (poppler-0.70.0) CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) - caddy <itp> (bug #810890) CVE-2018-19147 @@ -6101,7 +6228,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...) {DLA-1592-1} - otrs2 6.0.1-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version 
@@ -6113,13 +6240,13 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...) {DLA-1592-1} - otrs2 6.0.13-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...) - kio-extras 4:18.08.3-1 (bug #913595) [stretch] - kio-extras <no-dsa> (Minor issue) - kde-runtime <removed> (bug #913596) - [buster] - kde-runtime <no-dsa> (Minor issue) + [buster] - kde-runtime <ignored> (Minor issue) [stretch] - kde-runtime <no-dsa> (Minor issue) [jessie] - kde-runtime <ignored> (Minor issue) NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt 
@@ -6271,21 +6398,20 @@ CVE-2018-19062 CVE-2018-19061 (DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter ...) NOT-FOR-US: DedeCMS CVE-2018-19060 (An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...) - - poppler <unfixed> (unimportant; bug #913182) + - poppler 0.85.0-2 (unimportant; bug #913182) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/660 - NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a + NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a (poppler-0.72.0) NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...) - - poppler <unfixed> (unimportant; bug #913180) + - poppler 0.85.0-2 (unimportant; bug #913180) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/661 - NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 + NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0) NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...) - {DLA-1706-1} + {DLA-2440-1 DLA-1706-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913177) [buster] - poppler <ignored> (Minor issue) - [stretch] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...) 
@@ -6311,8 +6437,8 @@ CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword la CVE-2018-19049 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...) + {DLA-2887-1} - lighttpd 1.4.52-1 (bug #913528) - [stretch] - lighttpd <no-dsa> (Minor issue) [jessie] - lighttpd <no-dsa> (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...) @@ -6372,8 +6498,8 @@ CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4. NOT-FOR-US: CX-One CVE-2018-19026 RESERVED -CVE-2018-19025 - RESERVED +CVE-2018-19025 (In JUUKO K-808, an attacker could specially craft a packet that encode ...) + NOT-FOR-US: JUUKO K-808 CVE-2018-19024 RESERVED CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are reprodu ...) @@ -6884,7 +7010,7 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during NOTE: Squid in Debian builds without TLS support CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...) NOT-FOR-US: School Equipment Monitoring System -CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...) +CVE-2018-18805 (Point Of Sales 1.0 allows SQL injection via the login screen, related ...) NOT-FOR-US: PointOfSales CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...) NOT-FOR-US: Bakeshop Inventory System 
@@ -7145,10 +7271,10 @@ CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set at NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025 NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c -CVE-2018-18689 - RESERVED -CVE-2018-18688 - RESERVED +CVE-2018-18689 (The Portable Document Format (PDF) specification does not provide any ...) + NOT-FOR-US: Foxit Reader +CVE-2018-18688 (The Portable Document Format (PDF) specification does not provide any ...) + NOT-FOR-US: Foxit Reader CVE-2018-18687 RESERVED CVE-2018-18686 @@ -7476,7 +7602,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6 CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...) NOT-FOR-US: Espressif ESP-IDF -CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into ...) +CVE-2018-18557 (LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4 ...) {DSA-4349-1 DLA-1557-1} - tiff 4.0.9+git181026-1 (bug #911635) - tiff3 <removed> 
@@ -7568,16 +7694,14 @@ CVE-2018-18523 CVE-2018-18522 RESERVED CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...) - {DLA-1689-1} + {DLA-2802-1 DLA-1689-1} - elfutils 0.175-1 (low; bug #911413) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...) - {DLA-1689-1} + {DLA-2802-1 DLA-1689-1} - elfutils 0.175-1 (low; bug #911414) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209 @@ -7617,9 +7741,8 @@ CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes e {DSA-4392-1 DLA-1678-1} - thunderbird 1:60.5.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511 -CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service] - RESERVED - {DLA-1704-1} +CVE-2018-18508 (In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ...) + {DLA-2388-1 DLA-1704-1} - nss 2:3.42.1-1 (bug #921614) NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac 
@@ -7762,7 +7885,7 @@ CVE-2018-18474 RESERVED CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...) NOT-FOR-US: PATLITE NBM-D88N -CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...) +CVE-2018-18472 (Western Digital WD My Book Live and WD My Book Live Duo (all versions) ...) NOT-FOR-US: Western Digital WD My Book Live CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...) NOT-FOR-US: Axentra firmware @@ -7847,9 +7970,12 @@ CVE-2018-18447 CVE-2018-18446 RESERVED CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...) + {DSA-4755-1 DLA-2358-1} - openexr 2.5.3-2 (unimportant) + [jessie] - openexr <not-affected> (exrmultiview code not present in tarball) NOTE: Issue in exrmultiview which is not installed in the binary package. NOTE: https://github.com/openexr/openexr/issues/351 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0) CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...) - openexr 2.5.3-2 (unimportant) NOTE: https://github.com/openexr/openexr/issues/350 @@ -8218,9 +8344,8 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87 NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850 CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...) - {DLA-1689-1} + {DLA-2802-1 DLA-1689-1} - elfutils 0.175-1 (bug #911083) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd 
@@ -8492,41 +8617,29 @@ CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...) CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php i ...) NOT-FOR-US: REDAXO CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...) 
- - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) + - libgig <unfixed> (unimportant; bug #931309) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...) NOT-FOR-US: FineCms CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...) @@ -8804,6 +8917,7 @@ CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5 NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during p ...) - cairo <unfixed> (low; bug #916083) + [bullseye] - cairo <ignored> (Minor issue) [buster] - cairo <ignored> (Minor issue) [stretch] - cairo <no-dsa> (Minor issue) [jessie] - cairo <no-dsa> (Minor issue) 
@@ -8845,9 +8959,8 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers NOTE: https://github.com/pyca/pyopenssl/pull/723 NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...) - {DLA-1556-1} + {DLA-2860-1 DLA-1556-1} - paramiko 2.4.2-0.1 (bug #910760) - [stretch] - paramiko <no-dsa> (Minor issue) NOTE: https://github.com/paramiko/paramiko/issues/1283 NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...) @@ -9010,7 +9123,7 @@ CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware NOT-FOR-US: D-Link CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...) NOT-FOR-US: D-Link -CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...) +CVE-2018-17988 (LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_qu ...) NOT-FOR-US: LayerBB CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...) NOT-FOR-US: Some Ethereum application @@ -9039,7 +9152,8 @@ CVE-2018-17979 CVE-2018-17978 RESERVED CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...) - - linux <unfixed> + - linux <unfixed> (unimportant) + NOTE: Needs major rework on protocol level to fix. Exploitable (likely) only with CAP_NET_ADMIN. CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...) - gitlab 11.1.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/ 
@@ -9169,10 +9283,9 @@ CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Editi CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...) NOT-FOR-US: Zimbra CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open ...) - {DLA-1738-1} + {DLA-2795-1 DLA-1738-1} [experimental] - gpsd 3.18.1-1 - gpsd 3.17-6 (low; bug #925327) - [stretch] - gpsd <no-dsa> (Minor issue) NOTE: http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19 CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload ...) NOT-FOR-US: NUUO CMS @@ -9182,8 +9295,8 @@ CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows exter NOT-FOR-US: NUUO CMS CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may al ...) NOT-FOR-US: VGo Robot -CVE-2018-17932 - RESERVED +CVE-2018-17932 (JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, . ...) + NOT-FOR-US: JUUKO K-800 CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions 3.0.3.52 ...) NOT-FOR-US: VGo Robot CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified in Tel ...) @@ -9307,8 +9420,8 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether NOT-FOR-US: Greedy 599 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...) NOT-FOR-US: Coaster CMS -CVE-2018-17875 - RESERVED +CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...) + NOT-FOR-US: Poly Trio 8800 devices CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...) NOT-FOR-US: ExpressionEngine CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...) 
@@ -9327,16 +9440,16 @@ CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows NOT-FOR-US: DASAN H660GW device CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...) NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress -CVE-2018-17865 - RESERVED +CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...) + NOT-FOR-US: SAP CVE-2018-17864 RESERVED CVE-2018-17863 RESERVED -CVE-2018-17862 - RESERVED -CVE-2018-17861 - RESERVED +CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...) + NOT-FOR-US: SAP +CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...) + NOT-FOR-US: SAP CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...) NOT-FOR-US: Cloudera CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...) @@ -9488,7 +9601,7 @@ CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows rem NOT-FOR-US: zzcms CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...) NOT-FOR-US: MRCMS -CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remot ...) +CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier ...) - tiff 4.0.9-2 [stretch] - tiff 4.0.8-2+deb9u2 [jessie] - tiff 4.0.3-12.3+deb8u5 
@@ -10325,20 +10438,18 @@ CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...) NOT-FOR-US: D-Link CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589 + NOTE: Negligible security impact CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...) - - hdf5 <unfixed> (low) - [buster] - hdf5 <no-dsa> (Minor issue) - [stretch] - hdf5 <no-dsa> (Minor issue) - [jessie] - hdf5 <ignored> (Minor issue) + - hdf5 1.10.6+repack-1 (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587 NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f + NOTE: Negligible security impact CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) 
@@ -10347,15 +10458,16 @@ CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtyp NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc + NOTE: Negligible security impact CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591 + NOTE: Negligible security impact CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) 
@@ -10364,17 +10476,19 @@ CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5r NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592 + NOTE: Negligible security impact CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...) - - hdf5 <unfixed> + - hdf5 <unfixed> (unimportant) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode NOTE: upstream bug tracker (not public): https://jira.hdfgroup.org/browse/HDFFV-10590 NOTE: fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8) + NOTE: Negligible security impact, malicous scientific data has more issues than a crash CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote attacker ...) NOT-FOR-US: Comodo UTM CVE-2018-17430 @@ -10505,7 +10619,7 @@ CVE-2018-17367 RESERVED CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...) NOT-FOR-US: MCMS -CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...) +CVE-2018-17365 (SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files ...) NOT-FOR-US: SeaCMS CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...) NOT-FOR-US: OTCMS 
@@ -10757,8 +10871,8 @@ CVE-2018-17257 REJECTED CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.1 ...) NOT-FOR-US: Umbraco CMS -CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...) - NOT-FOR-US: Navigate CMS +CVE-2018-17255 + REJECTED CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via th ...) NOT-FOR-US: JCK Editor component for Joomla! CVE-2018-17253 @@ -10794,7 +10908,7 @@ CVE-2018-17239 CVE-2018-17238 RESERVED CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...) - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10813,7 +10927,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp [jessie] - mp4v2 <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...) - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) @@ -10822,8 +10936,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache NOTE: does not appear in 1.10.5 release notes, but fixed in NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...) - [experimental] - hdf5 1.10.5+repack-1~exp1 - - hdf5 <unfixed> (low) + - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 <no-dsa> (Minor issue) [stretch] - hdf5 <no-dsa> (Minor issue) [jessie] - hdf5 <ignored> (Minor issue) 
@@ -10897,12 +11010,13 @@ CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By acc ...) NOT-FOR-US: Snap Creek Duplicator CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...) + {DLA-2571-1} - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 - [stretch] - openvswitch <no-dsa> (Minor issue) [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function) NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master) NOTE: https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8 (branch-2.8) NOTE: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (branch-2.7) + NOTE: https://github.com/openvswitch/ovs/commit/ee47d61ba1c97cf67a68f0191dec1f93bfafc0a0 (branch-2.6) CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...) - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 [stretch] - openvswitch <not-affected> (Vulnerable code introduced later) 
@@ -10911,12 +11025,13 @@ CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7. NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8) NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7) CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...) + {DLA-2571-1} - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1 - [stretch] - openvswitch <no-dsa> (Minor issue) [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function) NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master) NOTE: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8) NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7) + NOTE: https://github.com/openvswitch/ovs/commit/fbe37f3ccc819a044a500fb5da13d3e53596c2a7 (branch-2.6) NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default. CVE-2018-17203 REJECTED @@ -11352,7 +11467,7 @@ CVE-2018-17038 RESERVED CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...) NOT-FOR-US: UCMS -CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...) +CVE-2018-17036 (An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code inje ...) NOT-FOR-US: UCMS CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...) NOT-FOR-US: UCMS 
@@ -11572,97 +11687,97 @@ CVE-2018-16938 CVE-2018-16937 RESERVED CVE-2018-16936 - RESERVED + REJECTED CVE-2018-16935 - RESERVED + REJECTED CVE-2018-16934 - RESERVED + REJECTED CVE-2018-16933 - RESERVED + REJECTED CVE-2018-16932 - RESERVED + REJECTED CVE-2018-16931 - RESERVED + REJECTED CVE-2018-16930 - RESERVED + REJECTED CVE-2018-16929 - RESERVED + REJECTED CVE-2018-16928 - RESERVED + REJECTED CVE-2018-16927 - RESERVED + REJECTED CVE-2018-16926 - RESERVED + REJECTED CVE-2018-16925 - RESERVED + REJECTED CVE-2018-16924 - RESERVED + REJECTED CVE-2018-16923 - RESERVED + REJECTED CVE-2018-16922 - RESERVED + REJECTED CVE-2018-16921 - RESERVED + REJECTED CVE-2018-16920 - RESERVED + REJECTED CVE-2018-16919 - RESERVED + REJECTED CVE-2018-16918 - RESERVED + REJECTED CVE-2018-16917 - RESERVED + REJECTED CVE-2018-16916 - RESERVED + REJECTED CVE-2018-16915 - RESERVED + REJECTED CVE-2018-16914 - RESERVED + REJECTED CVE-2018-16913 - RESERVED + REJECTED CVE-2018-16912 - RESERVED + REJECTED CVE-2018-16911 - RESERVED + REJECTED CVE-2018-16910 - RESERVED + REJECTED CVE-2018-16909 - RESERVED + REJECTED CVE-2018-16908 - RESERVED + REJECTED CVE-2018-16907 - RESERVED + REJECTED CVE-2018-16906 - RESERVED + REJECTED CVE-2018-16905 - RESERVED + REJECTED CVE-2018-16904 - RESERVED + REJECTED CVE-2018-16903 - RESERVED + REJECTED CVE-2018-16902 - RESERVED + REJECTED CVE-2018-16901 - RESERVED + REJECTED CVE-2018-16900 - RESERVED + REJECTED CVE-2018-16899 - RESERVED + REJECTED CVE-2018-16898 - RESERVED + REJECTED CVE-2018-16897 - RESERVED + REJECTED CVE-2018-16896 - RESERVED + REJECTED CVE-2018-16895 - RESERVED + REJECTED CVE-2018-16894 - RESERVED + REJECTED CVE-2018-16893 - RESERVED + REJECTED CVE-2018-16892 - RESERVED + REJECTED CVE-2018-16891 - RESERVED + REJECTED CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...) {DSA-4386-1 DLA-1672-1} - curl 7.64.0-1 
@@ -11732,15 +11847,15 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...) NOT-FOR-US: Ansible Tower CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...) + {DLA-2519-1} - pacemaker 2.0.1-3 (bug #927714) - [stretch] - pacemaker <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...) + {DLA-2519-1} - pacemaker 2.0.1-3 (bug #927714) - [stretch] - pacemaker <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) 
@@ -11754,23 +11869,35 @@ CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...) - golang-1.11 1.11.3-1 - golang-1.10 1.10.6-1 + - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue, DoS, requires rebuilding affected go-based packages) + - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue, DoS, requires rebuilding affected go-based packages) NOTE: https://github.com/golang/go/issues/29233 NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3) NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6) CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...) + {DLA-2592-1 DLA-2591-1} - golang-1.11 1.11.3-1 - golang-1.10 1.10.6-1 + - golang-1.8 <removed> + - golang-1.7 <removed> NOTE: https://github.com/golang/go/issues/29231 - NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3) - NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6) + NOTE: See CVE-2018-16873 for patches and regression fix CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...) 
+ {DLA-2592-1 DLA-2591-1} - golang-1.11 1.11.3-1 - golang-1.10 1.10.6-1 + - golang-1.8 <removed> + - golang-1.7 <removed> NOTE: https://github.com/golang/go/issues/29230 NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3) NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3) NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6) NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6) + NOTE: https://github.com/golang/go/issues/29241 (regression) + NOTE: https://github.com/golang/go/commit/ef209c9eb1216252ee7a59d78156ad9dcccab656 (1.11.4) + NOTE: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656 (1.10.7) CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...) {DSA-4454-1 DLA-1694-1} - qemu 1:3.1+dfsg-2 (bug #916397) @@ -11913,8 +12040,11 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p [stretch] - mistral 3.0.0-4+deb9u1 NOTE: https://bugs.launchpad.net/mistral/+bug/1783708 CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...) - - mistral <undetermined> + - mistral 10.0.0~rc1-2 + [buster] - mistral <no-dsa> (Minor issue) + [stretch] - mistral <end-of-life> (OpenStack component; not supported in stretch LTS) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332 + NOTE: https://bugs.launchpad.net/mistral/%2Bbug/1785657 CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...) - qemu 1:3.1+dfsg-1 (bug #912655) [stretch] - qemu <not-affected> (support for Controller Memory Buffers added later) 
@@ -11923,7 +12053,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...) - {DLA-1696-1} + {DLA-2735-1 DLA-1696-1} - ceph 12.2.11+dfsg1-1 (bug #921947) NOTE: http://tracker.ceph.com/issues/35994 NOTE: https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f @@ -12039,8 +12169,8 @@ CVE-2018-1002001 (There is a reflected XSS vulnerability in WordPress Arigato Au CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponder and Ne ...) NOTE: Wordpress plugin CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...) + {DLA-2618-1} - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698) - [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release) [jessie] - smarty3 <not-affected> (vulnerable code not present) NOTE: https://github.com/smarty-php/smarty/issues/486 NOTE: CVE is about the include tag as an attack vector. @@ -12118,8 +12248,8 @@ CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1 NOT-FOR-US: PotPlayer CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...) NOT-FOR-US: HiScout GRC Suite -CVE-2018-16795 - RESERVED +CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...) + NOT-FOR-US: OpenEMR CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...) NOT-FOR-US: Microsoft ADFS 4.0 Windows Server CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...) 
@@ -12289,7 +12419,7 @@ CVE-2018-16735 CVE-2018-16734 RESERVED CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer. ...) - NOT-FOR-US: Go Ethereum + - golang-github-go-ethereum <itp> (bug #890541) CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via adm ...) NOT-FOR-US: CScms CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...) @@ -12308,16 +12438,16 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset NOT-FOR-US: baijiacms CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) NOT-FOR-US: baijiacms -CVE-2018-16723 - RESERVED -CVE-2018-16722 - RESERVED -CVE-2018-16721 - RESERVED -CVE-2018-16720 - RESERVED -CVE-2018-16719 - RESERVED +CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + NOT-FOR-US: Jingyun Antivirus +CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + NOT-FOR-US: Jingyun Antivirus +CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + NOT-FOR-US: Jingyun Antivirus +CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + NOT-FOR-US: Jingyun Antivirus +CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows ...) + NOT-FOR-US: Jingyun Antivirus CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...) 
@@ -12722,9 +12852,8 @@ CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Va CVE-2018-1000673 REJECTED CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...) - {DLA-1512-1} + {DLA-2441-1 DLA-1512-1} - sympa 6.2.36~dfsg-1 (bug #908165) - [stretch] - sympa <no-dsa> (Minor issue) NOTE: https://github.com/sympa-community/sympa/issues/268 NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1 NOTE: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325 @@ -12865,18 +12994,18 @@ CVE-2018-16501 RESERVED CVE-2018-16500 RESERVED -CVE-2018-16499 - RESERVED -CVE-2018-16498 - RESERVED -CVE-2018-16497 - RESERVED -CVE-2018-16496 - RESERVED -CVE-2018-16495 - RESERVED -CVE-2018-16494 - RESERVED +CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can possibly view ...) + NOT-FOR-US: Versa +CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the Versa de ...) + NOT-FOR-US: Versa +CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks by exe ...) + NOT-FOR-US: Versa +CVE-2018-16496 (In Versa Director, the un-authentication request found. ...) + NOT-FOR-US: Versa +CVE-2018-16495 (In VOS user session identifier (authentication token) is issued to the ...) + NOT-FOR-US: Versa +CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized users of ...) + NOT-FOR-US: Versa CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...) NOT-FOR-US: node static-resource-server CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0 ...) 
@@ -12935,7 +13064,11 @@ CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an att ...) NOT-FOR-US: takeapeek CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...) - NOT-FOR-US: cached-path-relative + - node-cached-path-relative 1.0.2-1 + [buster] - node-cached-path-relative <no-dsa> (Minor issue) + NOTE: https://hackerone.com/reports/390847 + NOTE: https://github.com/ashaffer/cached-path-relative/issues/3 + NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0 CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...) {DLA-1585-1} - ruby-rack 1.6.4-6 (bug #913005) @@ -13022,8 +13155,9 @@ CVE-2018-16440 CVE-2018-16439 RESERVED CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read + NOTE: Negligible security impact CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...) NOT-FOR-US: Gxlcms CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...) @@ -13058,7 +13192,7 @@ CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_m CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c ...) {DLA-1866-1} - glib2.0 2.58.0-1 (low) - [stretch] - glib2.0 <no-dsa> (Minor issue) + [stretch] - glib2.0 2.50.3-2+deb9u1 NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9 NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364 CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before 0 ...) 
@@ -13167,8 +13301,8 @@ CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list in NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23529 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a ...) + {DLA-2802-1} - elfutils 0.175-1 (low) - [stretch] - elfutils <no-dsa> (Minor issue) [jessie] - elfutils <not-affected> (vulnerable code introduced later) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa @@ -13230,7 +13364,7 @@ CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...) NOT-FOR-US: ThinkPHP CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...) - - modsecurity-crs <unfixed> (low; bug #924352) + - modsecurity-crs 3.2.0-1 (low; bug #924352) [buster] - modsecurity-crs <no-dsa> (Minor issue) [stretch] - modsecurity-crs <no-dsa> (Minor issue) [jessie] - modsecurity-crs <no-dsa> (Minor issue) 
@@ -13432,8 +13566,14 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to NOT-FOR-US: PDF-XChange Editor CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...) NOT-FOR-US: MediaComm Zip-n-Go -CVE-2018-16301 - REJECTED +CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...) + - tcpdump 4.99.0-1 (unimportant) + NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 + NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd + NOTE: https://www.tcpdump.org/public-cve-list.txt + NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/faf8fb70af3a013e5d662b8283dec742fd6b1a77 (tcpdump-4.99-bp) + NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 (tcpdump-4.9) + NOTE: Negligible security impact CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...) {DSA-4547-1 DLA-1955-1} - tcpdump 4.9.3-1 (bug #941698) @@ -13552,8 +13692,8 @@ CVE-2018-16245 RESERVED CVE-2018-16244 RESERVED -CVE-2018-16243 - RESERVED +CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 ...) + NOT-FOR-US: SolarWinds CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which ...) NOT-FOR-US: oBike CVE-2018-16241 
@@ -13692,7 +13832,7 @@ CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier doe NOT-FOR-US: Mizuho Direct App for Android CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...) NOT-FOR-US: Cybozu Garoon -CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...) +CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows 10 Fal ...) NOT-FOR-US: Random Windows installer CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1 ...) NOT-FOR-US: Random Windows installer @@ -14007,15 +14147,14 @@ CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome CVE-2018-16063 RESERVED CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...) - {DLA-1689-1} + {DLA-2802-1 DLA-1689-1} - elfutils 0.175-1 (bug #907562) - [stretch] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 -CVE-2018-16061 - RESERVED -CVE-2018-16060 - RESERVED +CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...) + NOT-FOR-US: Mitsubishi +CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...) + NOT-FOR-US: Mitsubishi CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...) NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) 
@@ -14316,11 +14455,9 @@ CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0. CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...) NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...) - - openssh <unfixed> (low; bug #907503) - [buster] - openssh <ignored> (Minor issue) - [stretch] - openssh <ignored> (Minor issue) - [jessie] - openssh <no-dsa> (Minor issue) + - openssh <unfixed> (unimportant; bug #907503) NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/2 + NOTE: Not treated as a security issue by upstream CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...) {DSA-4288-1 DLA-1504-1} - ghostscript 9.22~dfsg-3 (bug #907332) @@ -14771,10 +14908,13 @@ CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prio CVE-2018-15757 REJECTED CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...) + {DLA-2635-1} - libspring-java 4.3.21-1 (bug #911786) - [stretch] - libspring-java <no-dsa> (Minor issue) [jessie] - libspring-java <not-affected> (vulnerable code introduced in later version) NOTE: https://pivotal.io/security/cve-2018-15756 + NOTE: https://jira.spring.io/browse/SPR-17318?redirect=false + NOTE: https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132c + NOTE: Introduced by: https://github.com/spring-projects/spring-framework/commit/da48739628303e3d25ff78d80ff6e9ba87aaeae2 (v4.2) CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...) NOT-FOR-US: Cloud Foundry CVE-2018-15754 (Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization ...) 
@@ -14994,9 +15134,10 @@ CVE-2018-15673 CVE-2018-15672 REJECTED CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557 + NOTE: Negligible security impact CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...) NOT-FOR-US: Bloop Airmail CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...) 
@@ -15049,36 +15190,45 @@ CVE-2018-15647 RESERVED CVE-2018-15646 RESERVED -CVE-2018-15645 - RESERVED +CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and ...) + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/63705 CVE-2018-15644 RESERVED CVE-2018-15643 RESERVED CVE-2018-15642 RESERVED -CVE-2018-15641 - RESERVED +CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 ...) + - odoo 14.0.0+dfsg.2-1 + NOTE: https://github.com/odoo/odoo/issues/63704 CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Only in enterprise version) + NOTE: https://github.com/odoo/odoo/issues/32514 CVE-2018-15639 RESERVED -CVE-2018-15638 - RESERVED +CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...) + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/63703 CVE-2018-15637 RESERVED CVE-2018-15636 RESERVED CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...) - NOT-FOR-US: Odoo -CVE-2018-15634 - RESERVED -CVE-2018-15633 - RESERVED -CVE-2018-15632 - RESERVED + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32515 +CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in Odoo Comm ...) + - odoo 14.0.0+dfsg.2-1 + NOTE: https://github.com/odoo/odoo/issues/63702 +CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo Communit ...) + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/63701 +CVE-2018-15632 (Improper input validation in database creation logic in Odoo Community ...) 
+ - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/63700 CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32514 CVE-2018-15630 RESERVED CVE-2018-15629 @@ -15157,7 +15307,7 @@ CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear - dropbear 2018.76-4 (bug #906890) [stretch] - dropbear 2016.74-5+deb9u1 NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html - NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 + NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00 CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...) NOT-FOR-US: Traefik CVE-2018-15597 @@ -15169,7 +15319,8 @@ CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11 CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...) - cobbler <removed> CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions pri ...) - NOT-FOR-US: Godot + - godot <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/godotengine/godot/issues/20558 CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...) {DLA-1651-1} - libgd2 2.2.5-4.1 (low; bug #906886) 
@@ -15282,7 +15433,10 @@ CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerabilit ...) NOT-FOR-US: MiniCMS CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...) - NOT-FOR-US: JerryScript + - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435 + NOTE: https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...) NOT-FOR-US: Open Microscopy Environment CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...) @@ -15441,11 +15595,10 @@ CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). . CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...) NOT-FOR-US: Lexmark devices CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...) - {DSA-4374-1 DLA-1786-1 DLA-1627-1} + {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1} [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 - qt4-x11 4:4.8.7+dfsg-18 (low) - [stretch] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/236691/ CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...) 
@@ -16204,16 +16357,16 @@ CVE-2018-15163 CVE-2018-15162 RESERVED CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...) - - libesedb <undetermined> + NOTE: Disputed libesedb issues NOTE: https://github.com/libyal/libesedb/issues/43 CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in libese ...) - - libesedb <undetermined> + NOTE: Disputed libesedb issues NOTE: https://github.com/libyal/libesedb/issues/43 CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...) - - libesedb <undetermined> + NOTE: Disputed libesedb issues NOTE: https://github.com/libyal/libesedb/issues/43 CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...) - - libesedb <undetermined> + NOTE: Disputed libesedb issues NOTE: https://github.com/libyal/libesedb/issues/43 CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c ...) NOT-FOR-US: libfsclfs @@ -16264,7 +16417,7 @@ CVE-2018-15135 CVE-2018-15134 RESERVED CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...) - NOT-FOR-US: Laravel + - php-laravel-framework <not-affected> (Fixed before initial upload to Debian) CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...) - php7.2 <not-affected> (Windows-specific) - php7.1 <not-affected> (Windows-specific) 
@@ -16692,8 +16845,8 @@ CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Ove NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3) CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1. ...) + {DLA-2468-1} - tcpflow 1.5.0+repack1-1 (bug #905483) - [stretch] - tcpflow <no-dsa> (Minor issue) [jessie] - tcpflow <no-dsa> (Minor issue) NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb NOTE: https://github.com/simsong/tcpflow/issues/182 @@ -16807,11 +16960,14 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 c CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...) NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32511 CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32513 CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32512 CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...) - php7.2 7.2.1-1 - php7.1 7.1.13-1 
@@ -16882,25 +17038,35 @@ CVE-2018-14870 CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...) NOT-FOR-US: PHP Template Store Script CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32507 CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32503 CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32509 CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32501 CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32502 CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32508 CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32504 CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...) 
- NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32506 CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32505 CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/32510 CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...) NOT-FOR-US: idreamsoft iCMS CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...) @@ -17246,7 +17412,8 @@ CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017- CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...) NOT-FOR-US: Hitachi CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...) - NOT-FOR-US: Odoo + - odoo <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/OCA/server-tools/issues/1335 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.17.14-1 
@@ -17427,30 +17594,28 @@ CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowin [stretch] - dnsdist <no-dsa> (Minor issue) NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...) - {DLA-1696-1} + {DLA-2735-1 DLA-1696-1} - ceph 12.2.11+dfsg1-1 (bug #921948) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327 NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578 CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880 NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127 CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926 NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696 CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...) 
- {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929 NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/ @@ -17467,8 +17632,8 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...) NOT-FOR-US: Keycloak CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...) + {DLA-2806-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576 @@ -17476,9 +17641,8 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1) NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5) CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.1-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431 NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/ 
@@ -17486,9 +17650,8 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7 NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13 CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...) - {DLA-1565-1} + {DLA-2806-1 DLA-1565-1} - glusterfs 5.0-1 (bug #912997) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974 NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/ @@ -17557,9 +17720,9 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1 NOTE: Fixed by: https://git.kernel.org/linus/5d407b071dc369c26a38398326ee2be53651cfe4 CVE-2018-14640 - RESERVED + REJECTED CVE-2018-14639 - RESERVED + REJECTED CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...) - 389-ds-base 1.4.0.18-1 (bug #908859) [stretch] - 389-ds-base <no-dsa> (Minor issue) @@ -17816,7 +17979,7 @@ CVE-2018-14578 RESERVED CVE-2018-14577 RESERVED -CVE-2018-14576 (The mintToken function of a smart contract implementation for SunContr ...) +CVE-2018-14576 (The mintTokens function of a smart contract implementation for SunCont ...) NOT-FOR-US: smart contract implementation for SunContract CVE-2018-14575 (Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a t ...) NOT-FOR-US: MyBB plugin 
@@ -17904,7 +18067,7 @@ CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers t {DLA-2369-1 DLA-1524-1} [experimental] - libxml2 2.9.9+dfsg1-1~exp1 - libxml2 2.9.10+dfsg-2 - [buster] - libxml2 <no-dsa> (Minor issue) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u1 NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74 CVE-2018-14566 @@ -18090,7 +18253,7 @@ CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...) {DLA-2302-1 DLA-1719-1} - libjpeg-turbo 1:2.0.5-1 (low; bug #924678) - [buster] - libjpeg-turbo <no-dsa> (Minor issue) + [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 - mozjpeg <itp> (bug #741487) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 
@@ -18194,74 +18357,53 @@ CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in - tcpdump 4.9.3-1 (bug #941698) NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md + NOTE: Negligible security impact CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) 
- - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) 
- - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...) - - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...) 
- - libgig <unfixed> (low; bug #931309) - [buster] - libgig <ignored> (Minor issue) - [stretch] - libgig <ignored> (Minor issue) - [jessie] - libgig <no-dsa> (Minor issue) - NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md + - libgig <unfixed> (unimportant; bug #931309) + NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md + NOTE: Negligible security impact CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...) - untrunc <itp> (bug #702476) CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds r ...) @@ -18383,7 +18525,7 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:x {DLA-2369-1 DLA-1524-1} [experimental] - libxml2 2.9.9+dfsg1-1~exp1 - libxml2 2.9.10+dfsg-2 (low; bug #901817) - [buster] - libxml2 <no-dsa> (Minor issue) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u1 NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5 NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10 NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594 @@ -18406,7 +18548,7 @@ CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization cr NOT-FOR-US: Creme CRM CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation pag ...) NOT-FOR-US: Creme CRM -CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause ...) +CVE-2018-14395 (libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause ...) {DSA-4258-1} - ffmpeg 7:4.0.2-1 - libav <removed> 
@@ -18426,19 +18568,19 @@ CVE-2018-14391 CVE-2018-14390 RESERVED CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...) NOT-FOR-US: joyplus-cms CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...) @@ -19237,8 +19379,8 @@ CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnera NOT-FOR-US: SRCMS CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...) NOT-FOR-US: SRCMS -CVE-2018-14067 - RESERVED +CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...) + NOT-FOR-US: Green Packet WiMax DV-360 devices CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...) NOT-FOR-US: Lenovo CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...) 
@@ -19356,10 +19498,11 @@ CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Ed NOT-FOR-US: Progress Kendo UI Editor CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...) - ruby-doorkeeper 4.4.2-1 (bug #903980) - [stretch] - ruby-doorkeeper <no-dsa> (Minor issue) + [stretch] - ruby-doorkeeper <ignored> (Minor issue, invasive, no reverse dependencies, require changes in calling code) NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891 NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119 - NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031 + NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/16e76e666b63e0e5e2704dd45b59e426190ddc78 (v4.4.0) + NOTE: Requires changes in the reverse dependencies CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...) NOT-FOR-US: YamlDotNet CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insec ...) 
@@ -19383,25 +19526,30 @@ CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085 NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + NOTE: Negligible security impact CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + NOTE: Negligible security impact CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + NOTE: Negligible security impact CVE-2018-14032 REJECTED CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + - hdf5 <unfixed> (unimportant) NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md + NOTE: Negligible security impact CVE-2018-14030 RESERVED CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allo ...) NOT-FOR-US: Creatiwity wityCMS CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ...) - wordpress <unfixed> (bug #906565) + [bullseye] - wordpress <postponed> (Minor issue, revisit when fixed upstream) [buster] - wordpress <postponed> (Minor issue, revisit when fixed upstream) [stretch] - wordpress <postponed> (Minor issue, no sanctioned patch) [jessie] - wordpress <postponed> (Minor issue, no sanctioned patch) 
@@ -19512,8 +19660,8 @@ CVE-2018-13984 CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...) NOT-FOR-US: ImpressCMS CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...) + {DLA-2618-1} - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 - [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release) [jessie] - smarty3 <not-affected> (vulnerable code not present) NOTE: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe NOTE: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 
@@ -19528,123 +19676,123 @@ CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS befo CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before 14. ...) NOT-FOR-US: Zeta Producer Desktop CMS CVE-2018-13979 - RESERVED + REJECTED CVE-2018-13978 - RESERVED + REJECTED CVE-2018-13977 - RESERVED + REJECTED CVE-2018-13976 - RESERVED + REJECTED CVE-2018-13975 - RESERVED + REJECTED CVE-2018-13974 - RESERVED + REJECTED CVE-2018-13973 - RESERVED + REJECTED CVE-2018-13972 - RESERVED + REJECTED CVE-2018-13971 - RESERVED + REJECTED CVE-2018-13970 - RESERVED + REJECTED CVE-2018-13969 - RESERVED + REJECTED CVE-2018-13968 - RESERVED + REJECTED CVE-2018-13967 - RESERVED + REJECTED CVE-2018-13966 - RESERVED + REJECTED CVE-2018-13965 - RESERVED + REJECTED CVE-2018-13964 - RESERVED + REJECTED CVE-2018-13963 - RESERVED + REJECTED CVE-2018-13962 - RESERVED + REJECTED CVE-2018-13961 - RESERVED + REJECTED CVE-2018-13960 - RESERVED + REJECTED CVE-2018-13959 - RESERVED + REJECTED CVE-2018-13958 - RESERVED + REJECTED CVE-2018-13957 - RESERVED + REJECTED CVE-2018-13956 - RESERVED + REJECTED CVE-2018-13955 - RESERVED + REJECTED CVE-2018-13954 - RESERVED + REJECTED CVE-2018-13953 - RESERVED + REJECTED CVE-2018-13952 - RESERVED + REJECTED CVE-2018-13951 - RESERVED + REJECTED CVE-2018-13950 - RESERVED + REJECTED CVE-2018-13949 - RESERVED + REJECTED CVE-2018-13948 - RESERVED + REJECTED CVE-2018-13947 - RESERVED + REJECTED CVE-2018-13946 - RESERVED + REJECTED CVE-2018-13945 - RESERVED + REJECTED CVE-2018-13944 - RESERVED + REJECTED CVE-2018-13943 - RESERVED + REJECTED CVE-2018-13942 - RESERVED + REJECTED CVE-2018-13941 - RESERVED + REJECTED CVE-2018-13940 - RESERVED + REJECTED CVE-2018-13939 - RESERVED + REJECTED CVE-2018-13938 - RESERVED + REJECTED CVE-2018-13937 - RESERVED + REJECTED CVE-2018-13936 - RESERVED + REJECTED CVE-2018-13935 - RESERVED + REJECTED CVE-2018-13934 - RESERVED + REJECTED CVE-2018-13933 - RESERVED + REJECTED CVE-2018-13932 - 
RESERVED + REJECTED CVE-2018-13931 - RESERVED + REJECTED CVE-2018-13930 - RESERVED + REJECTED CVE-2018-13929 - RESERVED + REJECTED CVE-2018-13928 - RESERVED + REJECTED CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...) NOT-FOR-US: Snapdragon CVE-2018-13926 - RESERVED + REJECTED CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can ...) NOT-FOR-US: Snapdragon CVE-2018-13923 - RESERVED + REJECTED CVE-2018-13922 - RESERVED + REJECTED CVE-2018-13921 - RESERVED + REJECTED CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table ...) @@ -19657,7 +19805,7 @@ CVE-2018-13917 CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...) NOT-FOR-US: Snapdragon CVE-2018-13915 - RESERVED + REJECTED CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13913 (Improper validation of array index can lead to unauthorized access whi ...) @@ -19703,11 +19851,11 @@ CVE-2018-13894 CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13892 - RESERVED + REJECTED CVE-2018-13891 - RESERVED + REJECTED CVE-2018-13890 - RESERVED + REJECTED CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...) 
@@ -19721,13 +19869,13 @@ CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data CVE-2018-13884 REJECTED CVE-2018-13883 - RESERVED + REJECTED CVE-2018-13882 - RESERVED + REJECTED CVE-2018-13881 - RESERVED + REJECTED CVE-2018-13880 - RESERVED + REJECTED CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in Rocke ...) NOT-FOR-US: Rocket.Chat CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.j ...) 
@@ -19735,37 +19883,37 @@ CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Ment CVE-2018-13877 (The doPayouts() function of the smart contract implementation for Mega ...) NOT-FOR-US: MegaCryptoPolis CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 + NOTE: Negligible HDF crash, never properly reported upstrem CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...) 
- - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...) - - hdf5 <undetermined> + NOTE: Negligible HDF crash, never properly reported upstrem NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5 CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the c ...) NOT-FOR-US: idreamsoft iCMS @@ -19813,7 +19961,7 @@ CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read [stretch] - htslib <no-dsa> (Minor issue) [jessie] - htslib <no-dsa> (Minor issue) NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105 -CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...) +CVE-2018-13844 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory l ...) - htslib 1.9-2 (low) [stretch] - htslib <no-dsa> (Minor issue) [jessie] - htslib <no-dsa> (Minor issue) 
@@ -20823,11 +20971,11 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for NOT-FOR-US: Atlassian Sourcetree CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...) NOT-FOR-US: Fortinet FortiOS -CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...) +CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...) NOT-FOR-US: Fortinet FortiOS -CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...) +CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0. ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...) NOT-FOR-US: Fortinet FortiOS @@ -20841,7 +20989,7 @@ CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5 NOT-FOR-US: Fortinet FortiOS CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...) NOT-FOR-US: FortiAnalyzer and FortiManager -CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...) +CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13373 RESERVED 
@@ -21005,7 +21153,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor [jessie] - libav <not-affected> (Vulnerable code path not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption. -CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to th ...) +CVE-2018-13300 (In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) pass ...) {DSA-4249-1} - ffmpeg 7:3.4.3-1 - libav <removed> @@ -21093,8 +21241,8 @@ CVE-2018-13261 CVE-2018-13260 REJECTED CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...) + {DLA-2470-1} - zsh 5.6-1 (bug #908000) - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) NOTE: https://www.zsh.org/mla/zsh-announce/136 NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d @@ -21624,7 +21772,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distri NOTE: binutils not covered by security support CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...) NOT-FOR-US: ECESSA ShieldLink -CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...) +CVE-2018-13031 (DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to ...) NOT-FOR-US: DamiCMS CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...) NOT-FOR-US: jpeg-compressor 
@@ -21729,6 +21877,7 @@ CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" cred NOT-FOR-US: Hycus CMS CVE-2018-12983 (A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryp ...) - libpodofo <unfixed> (low; bug #916580) + [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) @@ -21874,6 +22023,7 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L [jessie] - linux <ignored> (ntfs is not supportable) CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...) - linux <unfixed> (low) + [bullseye] - linux <ignored> (Minor issue) [buster] - linux <ignored> (Minor issue) [stretch] - linux <ignored> (Minor issue) - linux-4.9 <removed> @@ -21990,8 +22140,8 @@ CVE-2018-12888 CVE-2018-12887 RESERVED CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...) - - gcc-snapshot <unfixed> - gcc-8 <unfixed> + [bullseye] - gcc-8 <ignored> (Too intrusive to backport) [buster] - gcc-8 <ignored> (Too intrusive to backport) - gcc-7 <unfixed> [buster] - gcc-7 <ignored> (Too intrusive to backport) @@ -22001,7 +22151,8 @@ CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue [jessie] - gcc-4.9 <ignored> (Too intrusive to backport) - gcc-4.8 <removed> [jessie] - gcc-4.8 <ignored> (Too intrusive to backport) - NOTE: https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434 + NOTE: https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2 CVE-2018-12885 (The randMod() function of the smart contract implementation for MyCryp ...) NOT-FOR-US: MyCryptoChamp CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...) 
@@ -22410,12 +22561,8 @@ CVE-2018-12702 (The approveAndCallcode function of a smart contract implementati NOT-FOR-US: Globalvillage ecosystem CVE-2018-12701 RESERVED -CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...) - - binutils 2.32.51.20190707-1 (unimportant) - NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 - NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057 - NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 - NOTE: binutils not covered by security support +CVE-2018-12700 + REJECTED CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454 @@ -22454,9 +22601,11 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186 NOTE: and disputed as security issue. Should be properly rejected by MITRE. CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...) - NOT-FOR-US: tinyexr + - tinyexr <undetermined> + NOTE: https://github.com/syoyo/tinyexr/issues/83 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...) - NOT-FOR-US: tinyexr + - tinyexr <undetermined> + NOTE: https://github.com/syoyo/tinyexr/issues/84 CVE-2018-12686 RESERVED CVE-2018-12685 
@@ -22682,9 +22831,8 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerabi CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling o ...) NOT-FOR-US: aaugustin websockets CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...) - {DLA-1445-1} + {DLA-2559-1 DLA-1445-1} - busybox 1:1.27.2-3 (low; bug #902724) - [stretch] - busybox <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...) NOT-FOR-US: Galaxy Project Galaxy @@ -22878,9 +23026,8 @@ CVE-2018-12586 CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...) NOT-FOR-US: OPC UA Java and .NET Legacy Stack CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...) - {DLA-1439-1} + {DLA-2865-1 DLA-1439-1} - resiprocate <removed> (bug #905495) - [stretch] - resiprocate <no-dsa> (Minor issue) NOTE: http://joachimdezutter.webredirect.org/advisory.html NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...) 
@@ -23043,13 +23190,16 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the op CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response header ...) NOT-FOR-US: Eclipse Vertx CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...) + {DLA-2661-1} - jetty9 9.2.25-1 (low; bug #902774) - [stretch] - jetty9 <ignored> (Harmless information leak) - jetty8 <removed> [jessie] - jetty8 <ignored> (Harmless information leak) - jetty <removed> [jessie] - jetty <ignored> (Harmless information leak) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670 + NOTE: https://github.com/eclipse/jetty.project/issues/2560 + NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/9f844383cdb528d67ec69895dd8c6117b6e36e13 (v9.3) + NOTE: Marked as fixed by 9.2.25 at https://www.eclipse.org/jetty/security_reports.php but no related commit found for 9.2.x CVE-2018-12535 RESERVED CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin before 4 ...) @@ -23118,9 +23268,13 @@ CVE-2018-12506 CVE-2018-12505 RESERVED CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tiny ...) - NOT-FOR-US: tinyexr + - tinyexr <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457 + NOTE: https://github.com/syoyo/tinyexr/issues/82 CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMem ...) - NOT-FOR-US: tinyexr + - tinyexr <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/syoyo/tinyexr/issues/81 + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#duplicated-cve-2018-12503-heap-buffer-overflow-in-function-tinyexrloadexrimagefromfile-tinyexrh11593 CVE-2018-12502 RESERVED CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...) 
@@ -23282,8 +23436,6 @@ CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel - matrixssl <removed> CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...) - openjdk-7 <not-affected> (Didn't include/build sunec, see #750400) - - openjdk-8 <undetermined> - - openjdk-11 <undetermined> CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack o ...) - libtomcrypt 1.18.2-1 (low; bug #901626) [stretch] - libtomcrypt <no-dsa> (Minor issue) @@ -23369,7 +23521,7 @@ CVE-2018-12405 (Mozilla developers and community members reported memory safety NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405 CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...) - {DLA-1704-1} + {DLA-2388-1 DLA-1704-1} - nss 2:3.41-1 NOTE: http://cat.eyalro.net/ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public) 
@@ -24303,26 +24455,30 @@ CVE-2018-12098 (** DISPUTED ** The liblnk_data_block_read function in liblnk_dat NOTE: https://github.com/libyal/liblnk/issues/33 NOTE: Questionable/negligabe security impact CVE-2018-12097 (** DISPUTED ** The liblnk_location_information_read_data function in l ...) - - liblnk <unfixed> (unimportant; bug #901962) + - liblnk 20180626-1 (unimportant; bug #901962) NOTE: http://seclists.org/fulldisclosure/2018/Jun/33 NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785 NOTE: https://github.com/libyal/liblnk/issues/32 NOTE: https://github.com/libyal/liblnk/issues/33 NOTE: Questionable/negligabe security impact CVE-2018-12096 (** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...) - - liblnk <unfixed> (unimportant; bug #901962) + - liblnk 20180626-1 (unimportant; bug #901962) NOTE: http://seclists.org/fulldisclosure/2018/Jun/33 NOTE: https://github.com/libyal/liblnk/issues/32 NOTE: https://github.com/libyal/liblnk/issues/33 + NOTE: https://github.com/libyal/libuna/commit/aca678aa7e49ca628f1b27a53fdea883fa8764bb + NOTE: https://github.com/libyal/libuna/commit/f22aca8b649afe5cef529d9268186bfe591b7f89 NOTE: Questionable/negligabe security impact CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been discovered ...) NOT-FOR-US: OEcms CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS V ...) NOT-FOR-US: Dimofinf CMS CVE-2018-12093 (tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr ...) - NOT-FOR-US: tinyexr + - tinyexr <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/syoyo/tinyexr/issues/79 CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixe ...) 
- NOT-FOR-US: tinyexr + - tinyexr <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/syoyo/tinyexr/issues/78 CVE-2018-12091 RESERVED CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in LAMS ...) @@ -24393,7 +24549,8 @@ CVE-2018-12067 (The sell function of a smart contract implementation for Substra CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in C ...) NOT-FOR-US: wityCMS CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...) - NOT-FOR-US: tinyexr + - tinyexr <undetermined> + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...) NOT-FOR-US: Internet Node Token CVE-2018-12062 (The sell function of a smart contract implementation for SwftCoin (SWF ...) @@ -24531,7 +24688,7 @@ CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect acce - singularity-container 2.5.2-1 NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2 CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...) - {DSA-4224-1 DSA-4223-1 DSA-4222-1} + {DSA-4224-1 DSA-4223-1 DSA-4222-1 DLA-2862-1} - enigmail 2:2.0.7-1 [jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html) - gnupg2 2.2.8-1 @@ -24549,7 +24706,7 @@ CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 inte NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10 NOTE: https://neopg.io/blog/enigmail-signature-spoof/ CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in G ...) - NOT-FOR-US: Go Ethereum + - golang-github-go-ethereum <itp> (bug #890541) CVE-2018-12017 RESERVED CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...) 
@@ -24566,11 +24723,11 @@ CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-12009 - RESERVED + REJECTED CVE-2018-12008 - RESERVED + REJECTED CVE-2018-12007 - RESERVED + REJECTED CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...) @@ -24578,19 +24735,19 @@ CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-12003 - RESERVED + REJECTED CVE-2018-12002 - RESERVED + REJECTED CVE-2018-12001 - RESERVED + REJECTED CVE-2018-12000 - RESERVED + REJECTED CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service i ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can o ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11997 - RESERVED + REJECTED CVE-2018-11996 (When a malformed command is sent to the device programmer, an out-of-b ...) NOT-FOR-US: Snapdragon CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -24600,11 +24757,11 @@ CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to acc CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT connecti ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11992 - RESERVED + REJECTED CVE-2018-11991 - RESERVED + REJECTED CVE-2018-11990 - RESERVED + REJECTED CVE-2018-11989 REJECTED CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) 
@@ -24629,7 +24786,7 @@ CVE-2018-11981 CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, since n ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11979 - RESERVED + REJECTED CVE-2018-11978 REJECTED CVE-2018-11977 @@ -24673,13 +24830,13 @@ CVE-2018-11959 CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11957 - RESERVED + REJECTED CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Android CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11954 - RESERVED + REJECTED CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11952 @@ -24700,7 +24857,7 @@ CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11944 - RESERVED + REJECTED CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...) @@ -24736,7 +24893,7 @@ CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow whil CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11926 - RESERVED + REJECTED CVE-2018-11925 (Data length received from firmware is not validated against the max al ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...) 
@@ -24758,7 +24915,7 @@ CVE-2018-11917 CVE-2018-11916 RESERVED CVE-2018-11915 - RESERVED + REJECTED CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -24786,9 +24943,9 @@ CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11902 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11901 - RESERVED + REJECTED CVE-2018-11900 - RESERVED + REJECTED CVE-2018-11899 (While processing radio connection status change events, Radio index is ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) @@ -24796,7 +24953,7 @@ CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11896 - RESERVED + REJECTED CVE-2018-11895 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) 
@@ -24808,17 +24965,17 @@ CVE-2018-11892 CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11890 - RESERVED + REJECTED CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA wil ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11887 - RESERVED + REJECTED CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11885 - RESERVED + REJECTED CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ne ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) @@ -24892,7 +25049,7 @@ CVE-2018-11850 (Lack of check on remaining length parameter When processing scan CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11848 - RESERVED + REJECTED CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by corru ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...) 
@@ -24900,37 +25057,37 @@ CVE-2018-11846 (The use of a non-time-constant memory comparison operation can l CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to informatio ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11844 - RESERVED + REJECTED CVE-2018-11843 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11842 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11841 - RESERVED + REJECTED CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11839 - RESERVED + REJECTED CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11837 - RESERVED + REJECTED CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11835 - RESERVED + REJECTED CVE-2018-11834 - RESERVED + REJECTED CVE-2018-11833 - RESERVED + REJECTED CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Android kernel, code not in mainline CVE-2018-11831 - RESERVED + REJECTED CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer ...) NOT-FOR-US: Snapdragon CVE-2018-11829 - RESERVED + REJECTED CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) 
@@ -25023,11 +25180,11 @@ CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Blac CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...) {DSA-4226-1} - perl 5.26.2-6 (bug #900834) @@ -25163,8 +25320,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer fr - libstruts1.2-java <not-affected> (Specific to 2.x) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057 CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...) + {DLA-2583-1} - activemq 5.15.6-1 (low; bug #908950) - [stretch] - activemq <no-dsa> (Minor issue) [jessie] - activemq <no-dsa> (Minor issue) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d 
@@ -25192,10 +25349,10 @@ CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, - hadoop <itp> (bug #793644) CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...) - hadoop <itp> (bug #793644) -CVE-2018-11765 - RESERVED -CVE-2018-11764 - RESERVED +CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 ...) + - hadoop <itp> (bug #793644) +CVE-2018-11764 (Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alp ...) + - hadoop <itp> (bug #793644) CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...) - apache2 2.4.35-1 (bug #909591) [stretch] - apache2 2.4.25-3+deb9u6 
@@ -25264,25 +25421,29 @@ CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Sess NOT-FOR-US: NEC Univerge Sv9100 WebPro devices CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...) - sleuthkit <unfixed> (low; bug #902187) - [buster] - sleuthkit <no-dsa> (Minor issue) + [bullseye] - sleuthkit <ignored> (Minor issue) + [buster] - sleuthkit <ignored> (Minor issue) [stretch] - sleuthkit <no-dsa> (Minor issue) [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264 CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...) - sleuthkit <unfixed> (low; bug #902187) - [buster] - sleuthkit <no-dsa> (Minor issue) + [bullseye] - sleuthkit <ignored> (Minor issue) + [buster] - sleuthkit <ignored> (Minor issue) [stretch] - sleuthkit <no-dsa> (Minor issue) [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267 CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...) - sleuthkit <unfixed> (low; bug #902187) - [buster] - sleuthkit <no-dsa> (Minor issue) + [bullseye] - sleuthkit <ignored> (Minor issue) + [buster] - sleuthkit <ignored> (Minor issue) [stretch] - sleuthkit <no-dsa> (Minor issue) [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265 CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...) - sleuthkit <unfixed> (low; bug #902187) - [buster] - sleuthkit <no-dsa> (Minor issue) + [bullseye] - sleuthkit <ignored> (Minor issue) + [buster] - sleuthkit <ignored> (Minor issue) [stretch] - sleuthkit <no-dsa> (Minor issue) [jessie] - sleuthkit <no-dsa> (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266 
@@ -25334,11 +25495,17 @@ CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad NOTE: Negligable/questionable security impact CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 + NOTE: https://github.com/bfabiszewski/libmobi/commit/6904ebc247f01b5fe27d58c5dbb27e38af8449fb (v0.4) CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 + NOTE: https://github.com/bfabiszewski/libmobi/commit/c625698e297ac877eb4bc0d35cd0e605253c33e5 (v0.4) CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 + NOTE: https://github.com/bfabiszewski/libmobi/commit/b5657d7e2357782147a80a4d63a4b5fb7c05305f (v0.4) CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...) - libpff 20180714-1 (low; bug #901967) [stretch] - libpff <no-dsa> (Minor issue) 
@@ -25409,12 +25576,13 @@ CVE-2018-11700 CVE-2018-11699 RESERVED CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2662 + NOTE: https://github.com/sass/libsass/commit/8f40dc03e5ab5a8b2ebeb72b31f8d1adbb2fd6ae CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...) - - libsass <unfixed> + - libsass 3.6.3-1 [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2656 @@ -25431,7 +25599,7 @@ CVE-2018-11695 (An issue was discovered in LibSass <3.5.3. A NULL pointer der NOTE: https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf (master) NOTE: https://github.com/sass/libsass/commit/e3512120403dc7863a38bf2f122e7523593718ad (3.5.3) CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...) - - libsass <unfixed> (low) + - libsass 3.6.3-1 (low) [buster] - libsass <no-dsa> (Minor issue) [stretch] - libsass <no-dsa> (Minor issue) NOTE: https://github.com/sass/libsass/issues/2663 @@ -25449,7 +25617,7 @@ CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, availabl NOT-FOR-US: Emerson devices CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...) NOT-FOR-US: Balbooa Gridbox extension for Joomla! -CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...) +CVE-2018-11689 (Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer ...) NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scri ...) NOT-FOR-US: Ignite Realtime Openfire 
@@ -25503,27 +25671,27 @@ CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF v CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...) NOT-FOR-US: GreenCMS CVE-2018-11669 - RESERVED + REJECTED CVE-2018-11668 - RESERVED + REJECTED CVE-2018-11667 RESERVED CVE-2018-11666 - RESERVED + REJECTED CVE-2018-11665 - RESERVED + REJECTED CVE-2018-11664 - RESERVED + REJECTED CVE-2018-11663 - RESERVED + REJECTED CVE-2018-11662 - RESERVED + REJECTED CVE-2018-11661 - RESERVED + REJECTED CVE-2018-11660 RESERVED CVE-2018-11659 - RESERVED + REJECTED CVE-2018-11658 RESERVED CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg ...) @@ -25756,7 +25924,7 @@ CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...) {DLA-1877-1} - otrs2 6.0.8-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/ NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...) @@ -25894,7 +26062,7 @@ CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c i - vlc 3.0.2-1 [stretch] - vlc 3.0.2-0+deb9u1 [jessie] - vlc <not-affected> (Only affects 3.x) - NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8 + NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8 NOTE: http://www.videolan.org/security/sa1801.html CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...) NOT-FOR-US: wpForo plugin for WordPress 
@@ -25955,8 +26123,8 @@ CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the prior release, before the produ CVE-2018-11497 RESERVED CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...) + {DLA-2725-1} - lrzip 0.631+git180528-1 - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/96 NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd @@ -25983,6 +26151,7 @@ CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibl NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib. CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...) - giflib <unfixed> (bug #904113) + [bullseye] - giflib <no-dsa> (Minor issue) [buster] - giflib <no-dsa> (Minor issue) [stretch] - giflib <no-dsa> (Minor issue) [jessie] - giflib <no-dsa> (Minor issue) 
@@ -26099,27 +26268,33 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function NOTE: https://github.com/liblouis/liblouis/issues/575 NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86 CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLi ...) - {DLA-1430-1} + {DLA-2772-1 DLA-1430-1} - taglib 1.11.1+dfsg.1-0.3 (bug #903847) - [stretch] - taglib <no-dsa> (Minor issue) NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49 NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868 NOTE: Pull request: https://github.com/taglib/taglib/pull/869 NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45 CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...) 
- NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...) - NOT-FOR-US: Libmobi + - libmobi <not-affected> (Fixed before/with initial upload to Debian) + NOTE: https://seclists.org/fulldisclosure/2018/May/48 CVE-2018-11431 RESERVED CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...) @@ -26145,9 +26320,15 @@ CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and pri CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...) NOT-FOR-US: Moxa CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - NOT-FOR-US: JerryScript + - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - NOT-FOR-US: JerryScript + - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11417 RESERVED CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of ...) 
@@ -26489,13 +26670,13 @@ CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 thro NOTE: https://github.com/FasterXML/jackson-databind/issues/2032 NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737 CVE-2018-11306 - RESERVED + REJECTED CVE-2018-11305 (When a series of FDAL messages are sent to the modem, a Use After Free ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11303 - RESERVED + REJECTED CVE-2018-11302 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11301 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) @@ -26597,14 +26778,13 @@ CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function PdfDocumen NOTE: https://sourceforge.net/p/podofo/tickets/21 NOTE: https://sourceforge.net/p/podofo/code/1938 CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPage ...) - - libpodofo <unfixed> (low; bug #916584) + - libpodofo 0.9.7+dfsg-2 (low; bug #916584) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) [wheezy] - libpodofo <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502 NOTE: https://sourceforge.net/p/podofo/tickets/20 - NOTE: https://sourceforge.net/p/podofo/code/1952 (this commit doesn't fix the crash) CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursi ...) - libpodofo 0.9.6+dfsg-4 (low; bug #916585) [stretch] - libpodofo <no-dsa> (Minor issue) 
@@ -26630,8 +26810,8 @@ CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not che NOT-FOR-US: FileDownloader CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require authenticat ...) NOT-FOR-US: SAP -CVE-2018-11246 - RESERVED +CVE-2018-11246 (K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...) NOT-FOR-US: MISP CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an H ...) @@ -26736,7 +26916,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row fun - libjpeg9 1:9c-1 (low; bug #902176) - libjpeg-turbo 1:1.4.2-1 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2) -CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...) +CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...) {DLA-1638-1} - libjpeg9 1:9c-1 (low; bug #902176) - libjpeg-turbo 1:1.4.2-1 
@@ -27135,15 +27315,22 @@ CVE-2018-11042 CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 excep ...) NOT-FOR-US: Cloud Foundry CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...) + {DLA-2635-1} - libspring-java 4.3.19-1 - [stretch] - libspring-java <no-dsa> (Minor issue) - [jessie] - libspring-java <no-dsa> (unable to find relevant commits) + [jessie] - libspring-java <not-affected> (Vulnerable code introduced later) NOTE: https://pivotal.io/security/cve-2018-11040 + NOTE: https://github.com/spring-projects/spring-framework/issues/21338 + NOTE: https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a (v4.3.18) + NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/5dc27ee134d28c7b25d0f6d3e9059f80c95d4402 (v4.1) CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...) + {DLA-2635-1} - libspring-java 4.3.19-1 - [stretch] - libspring-java <no-dsa> (Minor issue) [jessie] - libspring-java <no-dsa> (Minor issue) NOTE: https://pivotal.io/security/cve-2018-11039 + NOTE: https://jira.spring.io/si/jira.issueviews:issue-html/SPR-16836/SPR-16836.html + NOTE: https://github.com/spring-projects/spring-framework/commit/f64fa3dea10af125d612d3a997aece93d21bc875 (v5.1) + NOTE: https://github.com/spring-projects/spring-framework/commit/a5cd01a4c857aaaba7ccc51545fc73dd25b5cba5 (v5.1) + NOTE: https://github.com/spring-projects/spring-framework/commit/323ccf99e575343f63d56e229c25c35c170b7ec1 (v4.3.18) CVE-2018-11038 RESERVED CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...) 
@@ -27205,18 +27392,18 @@ CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd NOT-FOR-US: ruibaby Halo CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to Front ...) NOT-FOR-US: ruibaby Halo -CVE-2018-11010 - RESERVED -CVE-2018-11009 - RESERVED -CVE-2018-11008 - RESERVED -CVE-2018-11007 - RESERVED -CVE-2018-11006 - RESERVED -CVE-2018-11005 - RESERVED +CVE-2018-11010 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-11009 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-11008 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-11007 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-11006 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-11005 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery (CSR ...) NOT-FOR-US: SDcms CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CS ...) 
@@ -27430,37 +27617,32 @@ CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its C - cobbler <removed> NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...) 
- {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 @@ -27469,7 +27651,6 @@ CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, - postgresql-10 10.5-1 - postgresql-9.6 <removed> - postgresql-9.5 <removed> - - postgresql-9.5 <not-affected> (Only affects PostgreSQL 9.5 onwards) - postgresql-9.4 <not-affected> (Only affects PostgreSQL 9.5 onwards) - postgresql-9.1 <not-affected> (Only affects PostgreSQL 9.5 onwards) NOTE: Fixed in 9.5.14, 9.6.10, 10.5 
@@ -27482,9 +27663,8 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4 NOTE: https://review.gluster.org/20723 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659 NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...) 
@@ -27523,23 +27703,20 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5 NOTE: https://www.postgresql.org/about/news/1878/ CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...) NOT-FOR-US: Keycloak CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...) 
@@ -27553,13 +27730,12 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51 CVE-2018-10909 - RESERVED + REJECTED CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...) - vdsm <itp> (bug #668538) CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642 NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...) @@ -27571,9 +27747,8 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...) - {DLA-1510-1} + {DLA-2806-1 DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298 NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 an ...) 
@@ -27617,12 +27792,14 @@ CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site r CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final incorrec ...) NOT-FOR-US: Keycloak CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered i ...) - - spice-gtk <unfixed> (bug #904161) + - spice-gtk 0.37-1 (bug #904161) [buster] - spice-gtk <no-dsa> (Minor issue) [stretch] - spice-gtk <no-dsa> (Minor issue) [jessie] - spice-gtk <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234 NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html + NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/3050b4e1f6f39c1a9f8a286791d06705fce1ecb7 + NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/5173ff871a7df11e230124b4d1724653ebaa7134 CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby f ...) [experimental] - docker.io 18.06.0+dfsg1-1 - docker.io 18.06.1+dfsg1-1 (bug #908057) @@ -27663,8 +27840,10 @@ CVE-2018-10886 NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407 - NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of - NOTE: scope of the assigning CNA. + NOTE: The CVE was rejected, as it was assigned by Red Hat's CNA but is out of + NOTE: scope of the assigning CNA. The rejection was not due to technical invalid + NOTE: issue but because it was assigned by a CNA which did not cover the scope + NOTE: for ant. Would fall under Apache CNA instead. CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...) NOT-FOR-US: atomic-openshift CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...) 
@@ -27726,7 +27905,7 @@ CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 wh {DSA-4319-1 DLA-1489-1 DLA-1486-1} - spice 0.14.0-1.1 (bug #906315) - spice-gtk 0.35-1 (bug #906316) - [stretch] - spice-gtk <no-dsa> (Minor issue) + [stretch] - spice-gtk 0.33-3.3+deb9u1 NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions delive ...) - linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10) @@ -27741,22 +27920,17 @@ CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertS NOT-FOR-US: Red Hat Certification CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...) NOT-FOR-US: Red Hat Certification -CVE-2018-10868 - RESERVED +CVE-2018-10868 (It has been discovered that redhat-certification does not properly lim ...) NOT-FOR-US: Red Hat Certification -CVE-2018-10867 - RESERVED +CVE-2018-10867 (It has been discovered that redhat-certification does not restrict fil ...) NOT-FOR-US: Red Hat Certification -CVE-2018-10866 - RESERVED +CVE-2018-10866 (It has been discovered that redhat-certification does not perform an a ...) NOT-FOR-US: Red Hat Certification -CVE-2018-10865 - RESERVED +CVE-2018-10865 (It has been discovered that redhat-certification does not perform an a ...) NOT-FOR-US: Red Hat Certification CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...) NOT-FOR-US: Red Hat Certification -CVE-2018-10863 - RESERVED +CVE-2018-10863 (It has been discovered that redhat-certification is not properly confi ...) NOT-FOR-US: Red Hat Certification CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...) - wildfly <itp> (bug #752018) 
@@ -27877,8 +28051,8 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before CVE-2018-10842 REJECTED CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...) + {DLA-2806-1} - glusterfs 4.1.2-1 (bug #901968) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) [jessie] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://review.gluster.org/#/c/20328/ NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2 @@ -28026,8 +28200,8 @@ CVE-2018-10792 RESERVED CVE-2018-10791 RESERVED -CVE-2018-10790 - RESERVED +CVE-2018-10790 (The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allow ...) + NOT-FOR-US: Bento4 CVE-2018-10789 RESERVED CVE-2018-10788 
@@ -28063,22 +28237,24 @@ CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-bas NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although NOTE: technically still present in the source package CVE-2018-10778 (Read access violation in the III_dequantize_sample function in mpglibD ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> (Not supported in Wheezy) CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...) - - mp3gain <removed> + - mp3gain 1.6.2-2 (bug #973932) [wheezy] - mp3gain <end-of-life> (Not supported in Wheezy) + NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still causes crash with ASAN + NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability. CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...) - - mp3gain <removed> + - mp3gain 1.6.2-1 [wheezy] - mp3gain <end-of-life> (Not supported in Wheezy) CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in li ...) - - bibutils <unfixed> (unimportant; bug #898135) + - bibutils 6.10-2 (unimportant; bug #898135) NOTE: Crash in CLI tool, no security impact CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in libb ...) - - bibutils <unfixed> (unimportant; bug #898135) + - bibutils 6.10-2 (unimportant; bug #898135) NOTE: Crash in CLI tool, no security impact CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in libbibco ...) - - bibutils <unfixed> (unimportant; bug #898135) + - bibutils 6.10-2 (unimportant; bug #898135) NOTE: Crash in CLI tool, no security impact CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...) [experimental] - exiv2 <unfixed> 
@@ -28291,8 +28467,8 @@ CVE-2018-10687 CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is Refl ...) NOT-FOR-US: Vesta Control Panel CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (low; bug #897645) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <ignored> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/95 @@ -28500,8 +28676,8 @@ CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Inject NOT-FOR-US: NetGain Enterprise Manager CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...) NOT-FOR-US: NetGain Enterprise Manager -CVE-2018-10585 - RESERVED +CVE-2018-10585 (Pexip Infinity before 18 allows remote Denial of Service (XML parsing) ...) + NOT-FOR-US: Pexip Infinity CVE-2018-10584 RESERVED CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...) @@ -28693,14 +28869,14 @@ CVE-2018-10530 RESERVED CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...) - libraw 0.18.11-1 (low; bug #897186) - [stretch] - libraw <no-dsa> (Minor issue) + [stretch] - libraw <not-affected> (Vulnerable code not present) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <no-dsa> (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c NOTE: https://github.com/LibRaw/LibRaw/issues/144 CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...) - libraw 0.18.11-1 (low; bug #897185) - [stretch] - libraw <no-dsa> (Minor issue) + [stretch] - libraw <not-affected> (Vulnerable code not present) [jessie] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <no-dsa> (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564 
@@ -28901,8 +29077,8 @@ CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM g - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 [wheezy] - xen <not-affected> (No QMP support in wheezy) NOTE: https://xenbits.xen.org/xsa/advisory-258.html -CVE-2018-10432 - RESERVED +CVE-2018-10432 (Pexip Infinity before 18 allows Remote Denial of Service (TLS handshak ...) + NOT-FOR-US: Pexip Infinity CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...) NOT-FOR-US: D-Link CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...) @@ -28980,17 +29156,15 @@ CVE-2018-10395 CVE-2018-10394 RESERVED CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 NOTE: Same patch as for CVE-2017-14160 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...) - {DLA-2013-1} + {DLA-2828-1 DLA-2013-1} - libvorbis 1.3.6-2 (bug #876780) - [stretch] - libvorbis <no-dsa> (Minor issue) [wheezy] - libvorbis <ignored> (Minor issue) NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335 NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b 
@@ -29109,45 +29283,45 @@ CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 coul CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro Sma ...) NOT-FOR-US: Trend Micro CVE-2018-10349 - RESERVED + REJECTED CVE-2018-10348 - RESERVED + REJECTED CVE-2018-10347 - RESERVED + REJECTED CVE-2018-10346 - RESERVED + REJECTED CVE-2018-10345 - RESERVED + REJECTED CVE-2018-10344 - RESERVED + REJECTED CVE-2018-10343 - RESERVED + REJECTED CVE-2018-10342 - RESERVED + REJECTED CVE-2018-10341 - RESERVED + REJECTED CVE-2018-10340 - RESERVED + REJECTED CVE-2018-10339 - RESERVED + REJECTED CVE-2018-10338 - RESERVED + REJECTED CVE-2018-10337 - RESERVED + REJECTED CVE-2018-10336 - RESERVED + REJECTED CVE-2018-10335 - RESERVED + REJECTED CVE-2018-10334 - RESERVED + REJECTED CVE-2018-10333 - RESERVED + REJECTED CVE-2018-10332 - RESERVED + REJECTED CVE-2018-10331 - RESERVED + REJECTED CVE-2018-10330 - RESERVED + REJECTED CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...) - ktexteditor 5.47.0-1 (bug #896836) [stretch] - ktexteditor <not-affected> (Introduced in 5.34.0) @@ -29250,6 +29424,7 @@ CVE-2018-10291 CVE-2018-10290 RESERVED CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...) + {DLA-2765-1} - mupdf 1.13.0+ds1-3 (unimportant; bug #896545) [jessie] - mupdf <not-affected> (Vulnerable code introduced later) [wheezy] - mupdf <not-affected> (Vulnerable code introduced later) 
@@ -29400,8 +29575,8 @@ CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. NOT-FOR-US: Zend Server CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...) NOT-FOR-US: GPU memory hardware issue -CVE-2018-10228 - RESERVED +CVE-2018-10228 (Cross-site scripting (XSS) vulnerability in /application/controller/ad ...) + - limesurvey <itp> (bug #472802) CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...) NOT-FOR-US: MiniCMS CVE-2018-10226 @@ -29467,16 +29642,15 @@ CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...) NOT-FOR-US: ELO CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...) + {DLA-2659-1} - graphviz 2.40.1-6 (low; bug #898841) - [stretch] - graphviz <no-dsa> (Minor issue) [jessie] - graphviz <no-dsa> (Minor issue) [wheezy] - graphviz <no-dsa> (Minor issue) NOTE: https://gitlab.com/graphviz/graphviz/issues/1367 NOTE: https://issuetracker.google.com/issues/77810342 -CVE-2018-10195 [rzsz: sz can leak data to receiving side] - RESERVED +CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...) + {DLA-2900-1} - lrzsz 0.12.21-10 (low; bug #897010) - [stretch] - lrzsz <no-dsa> (Minor issue) [jessie] - lrzsz <no-dsa> (Minor issue) [wheezy] - lrzsz <no-dsa> (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051 
@@ -29742,6 +29916,7 @@ CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process func NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29 CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...) - gegl <unfixed> (low) + [bullseye] - gegl <ignored> (Minor issue, architectual limitation) [buster] - gegl <ignored> (Minor issue, architectual limitation) [stretch] - gegl <ignored> (Minor issue, architectual limitation) [jessie] - gegl <no-dsa> (Minor issue) @@ -29751,6 +29926,7 @@ CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_ba NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2 CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...) - gegl <unfixed> (low) + [bullseye] - gegl <ignored> (Minor issue, architectual limitation) [buster] - gegl <ignored> (Minor issue, architectual limitation) [stretch] - gegl <ignored> (Minor issue, architectual limitation) [jessie] - gegl <no-dsa> (Minor issue) 
@@ -30059,25 +30235,23 @@ CVE-2018-10002 CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) {DSA-4249-1} - ffmpeg 7:3.4.3-1 (low) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081 - libav <removed> [jessie] - libav <not-affected> (Vulnerable code not present) NOTE: Fixed in 3.2.11 CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for Chro ...) NOT-FOR-US: The Video Downloader professional extension for Chrome CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...) - {DLA-1518-1} + {DLA-2826-1 DLA-1518-1} - mbedtls 2.8.0-1 - [stretch] - mbedtls <no-dsa> (Minor issue) - polarssl <removed> [wheezy] - polarssl <no-dsa> (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...) - {DLA-1518-1} + {DLA-2826-1 DLA-1518-1} - mbedtls 2.8.0-1 - [stretch] - mbedtls <no-dsa> (Minor issue) - polarssl <removed> [wheezy] - polarssl <no-dsa> (Minor issue) NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1 
@@ -30349,8 +30523,8 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0 CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before 1. ...) NOT-FOR-US: Whale CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Imp ...) + {DLA-2786-1} - nghttp2 1.31.1-1 (low; bug #895566) - [stretch] - nghttp2 <no-dsa> (Minor issue) [jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0) NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0 NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f @@ -30401,7 +30575,7 @@ CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg throu - ffmpeg 7:3.4.3-1 (low) [stretch] - ffmpeg <not-affected> (Vulnerable code not present) - libav <not-affected> (Vulnerable code not present) - NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758 CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...) NOT-FOR-US: Open Whisper Signal app for iOS CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...) 
@@ -31549,10 +31723,10 @@ CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7 NOT-FOR-US: PAN-OS CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...) NOT-FOR-US: PAN-OS -CVE-2018-9333 - RESERVED -CVE-2018-9332 - RESERVED +CVE-2018-9333 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buff ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-9332 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: In ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote attac ...) NOT-FOR-US: zzcms CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...) @@ -32543,8 +32717,8 @@ CVE-2018-8958 CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...) NOT-FOR-US: CoverCMS CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...) - - ntp <unfixed> (low) - [buster] - ntp <no-dsa> (Minor issue) + - ntp 1:4.2.8p14+dfsg-1 (low) + [buster] - ntp <ignored> (Minor issue) [stretch] - ntp <no-dsa> (Minor issue) [jessie] - ntp <postponed> (Minor issue, requires being part of same broadcast network, no patch) - ntpsec <not-affected> (Broadcast mode not present, see #961748) @@ -32853,9 +33027,7 @@ CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable JavaScr ...) NOT-FOR-US: enhavo CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...) - - kodi <unfixed> (low) - [buster] - kodi <ignored> (Minor issue) - [stretch] - kodi <ignored> (Minor issue) + - kodi <not-affected> (Chorus not included in Kodi as shipped in Debian) - xbmc <removed> [jessie] - xbmc <no-dsa> (Minor issue) [wheezy] - xbmc <no-dsa> (Minor issue) 
@@ -33180,8 +33352,8 @@ CVE-2018-8743 CVE-2018-8742 RESERVED CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...) + {DLA-2432-1} - jupyter-notebook 5.4.1-1 (bug #893436) - [stretch] - jupyter-notebook <no-dsa> (Minor issue) - ipython 5.1.0-2 [jessie] - ipython <no-dsa> (Minor issue) [wheezy] - ipython <ignored> (Too invasive to fix) @@ -33238,12 +33410,12 @@ CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows NOT-FOR-US: Kontena CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earli ...) NOT-FOR-US: Path Traversal in Gateway in Mirasys DVMS Workstation -CVE-2018-8726 - RESERVED -CVE-2018-8725 - RESERVED -CVE-2018-8724 - RESERVED +CVE-2018-8726 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buff ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-8725 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Bu ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium +CVE-2018-8724 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Inco ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-8723 RESERVED CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multip ...) @@ -34648,8 +34820,8 @@ CVE-2018-8064 RESERVED CVE-2018-8063 RESERVED -CVE-2018-8062 - RESERVED +CVE-2018-8062 (A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devic ...) + NOT-FOR-US: Comtrend CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...) NOT-FOR-US: HWiNFO AMD64 Kernel driver CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...) 
@@ -34690,8 +34862,8 @@ CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 bef NOT-FOR-US: Sencha CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...) NOT-FOR-US: Joomla! -CVE-2018-8044 - RESERVED +CVE-2018-8044 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Inco ...) + NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...) - linux 4.16.5-1 (unimportant) [jessie] - linux <not-affected> (Vulnerable code not present) @@ -34722,9 +34894,9 @@ CVE-2018-8037 (If an async request was completed by the application at the same NOTE: https://svn.apache.org/r1833907 (8.5.x) CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...) - libpdfbox-java 1:1.8.15-1 (low; bug #902776) - - libpdfbox2-java 2.0.11-1 (low) [stretch] - libpdfbox-java <no-dsa> (Minor issue) [jessie] - libpdfbox-java <no-dsa> (Minor issue) + - libpdfbox2-java 2.0.11-1 (low) NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2 CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...) NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA) @@ -34744,8 +34916,8 @@ CVE-2018-8034 (The host name verification when using TLS with the WebSocket clie CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apach ...) NOT-FOR-US: Apache OFBiz CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...) + {DLA-2821-1} - axis 1.4-28 (bug #905328) - [stretch] - axis <no-dsa> (Minor issue) [jessie] - axis <no-dsa> (Minor issue) NOTE: https://issues.apache.org/jira/browse/AXIS-2924 NOTE: https://svn.apache.org/r1831943 
@@ -34874,6 +35046,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc NOT-FOR-US: Apache Ambari CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...) - libpodofo <unfixed> (low; bug #892557) + [bullseye] - libpodofo <no-dsa> (Minor issue) [buster] - libpodofo <no-dsa> (Minor issue) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) @@ -35464,9 +35637,8 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through - libav <not-affected> (Vulnerable code not present) NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...) - {DLA-1556-1} + {DLA-2860-1 DLA-1556-1} - paramiko 2.4.2-0.1 (bug #892859) - [stretch] - paramiko <no-dsa> (Minor issue) [wheezy] - paramiko <no-dsa> (Minor issue) NOTE: https://github.com/paramiko/paramiko/issues/1175 NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516 
@@ -35837,37 +36009,32 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25 CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) 
- {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/185 NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb @@ -35968,21 +36135,20 @@ CVE-2018-7591 CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...) NOT-FOR-US: Hoosk CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/184 NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...) - {DLA-1934-1} + {DLA-2421-1 DLA-1934-1} - cimg 2.3.6+dfsg-1 (low; bug #892780) - [stretch] - cimg <no-dsa> (Minor issue) [wheezy] - cimg <no-dsa> (Minor issue) NOTE: https://github.com/dtschump/CImg/issues/183 NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4 CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...) - cimg <unfixed> (low; bug #892780; bug #940951) + [bullseye] - cimg <no-dsa> (Minor issue) [buster] - cimg <no-dsa> (Minor issue) [stretch] - cimg <no-dsa> (Minor issue) [jessie] - cimg <no-dsa> (Minor issue) 
@@ -36006,16 +36172,15 @@ CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of S NOT-FOR-US: WebLog Expert Web Server Enterprise CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert We ...) NOT-FOR-US: WebLog Expert Web Server Enterprise -CVE-2018-7580 - RESERVED +CVE-2018-7580 (Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN ...) + NOT-FOR-US: Philips Hue CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...) NOT-FOR-US: YzmCMS CVE-2018-7578 RESERVED CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...) - - snappy <undetermined> + - tensorflow <itp> (bug #804612) NOTE: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md - NOTE: There are no useful details, could just as well be a misuse of snappy by Tensorflow CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...) - tensorflow <itp> (bug #804612) CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...) @@ -36103,7 +36268,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample NOT-FOR-US: OPC UA .NET CVE-2018-7558 RESERVED -CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) +CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 thro ...) {DSA-4249-1 DLA-1630-1} - ffmpeg 7:3.4.3-1 - libav <removed> 
@@ -36339,13 +36504,14 @@ CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overf NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html NOTE: https://trac.pjsip.org/repos/ticket/2093 NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN) -CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null Terminat ...) - - mingw-w64 <unfixed> (low; bug #897196) +CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains a ...) + - mingw-w64 8.0.0-1 (low; bug #897196) [buster] - mingw-w64 <ignored> (Minor issue) [stretch] - mingw-w64 <ignored> (Minor issue) [jessie] - mingw-w64 <ignored> (Minor issue) [wheezy] - mingw-w64 <ignored> (Minor issue) NOTE: https://sourceforge.net/p/mingw-w64/bugs/709/ + NOTE: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/dc3b2e2bfa9b5a4fcee6f0123047ecc5a6a35d1f (v8.0.0) CVE-2018-7481 RESERVED CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux kerne ...) @@ -36858,11 +37024,11 @@ CVE-2018-7306 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...) NOT-FOR-US: MyBB CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...) NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...) 
@@ -36886,7 +37052,7 @@ CVE-2018-7292 CVE-2018-7291 RESERVED CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...) NOT-FOR-US: Armadito CVE-2018-7288 @@ -36936,9 +37102,11 @@ CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contain NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...) - ruby-doorkeeper 4.3.1-1 (bug #891069) - [stretch] - ruby-doorkeeper <no-dsa> (Minor issue) + [stretch] - ruby-doorkeeper <ignored> (Minor issue, no reverse dependencies, requires changes in calling code) NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969 - NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970 + NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/7b1a8373ecd69768c896000c7971dbf48948c1b5 (v4.2.6) + NOTE: https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/ + NOTE: Most reverse dependencies need to manual update their templates CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Script ...) NOT-FOR-US: WolfCMS CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...) @@ -36966,7 +37134,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport) - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code not present) - jruby 9.1.17.0-1 (bug #895778) [jessie] - jruby <not-affected> (Vulnerable code not present) 
@@ -36980,7 +37148,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -36990,7 +37158,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -37000,7 +37168,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ @@ -37010,7 +37178,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.3 <removed> - ruby2.1 <removed> - ruby1.9.1 <removed> - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ 
@@ -37021,7 +37189,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport) - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <no-dsa> (Minor issue) - jruby 9.1.17.0-1 (bug #895778) NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d @@ -37033,7 +37201,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 - ruby2.1 <removed> - ruby1.9.1 <removed> [wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present) - - rubygems <removed> + - rubygems 3.2.0~rc.1-1 [wheezy] - rubygems <not-affected> (Vulnerable code not present) - jruby 9.1.17.0-2.1 (bug #895778; bug #925986) [jessie] - jruby <not-affected> (Vulnerable code not present) @@ -37298,7 +37466,7 @@ CVE-2018-7190 CVE-2018-7189 RESERVED CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...) {DSA-4380-1 DSA-4379-1 DLA-1294-1} - golang-1.10 1.10.1-1 @@ -38908,6 +39076,7 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...) + {DLA-2765-1} - mupdf 1.14.0+ds1-1 (unimportant; bug #900129) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695 
@@ -38960,13 +39129,14 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases - golang-1.9 1.9.4-1 - golang-1.8 <removed> - golang-1.7 <removed> - [stretch] - golang-1.7 <ignored> (Minor issue) + [stretch] - golang-1.7 <ignored> (Minor issue, may break packages compilation, ignored for 1.7 by package maintainers) - golang <removed> [jessie] - golang <ignored> (Minor issue) [wheezy] - golang <ignored> (Minor issue) NOTE: https://github.com/golang/go/issues/23672 - NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6 - NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a + NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6 (1.8.x) + NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a (1.9.x) + NOTE: https://github.com/golang/go/issues/23749 (regressions) CVE-2018-6573 RESERVED CVE-2018-6572 @@ -39336,12 +39506,12 @@ CVE-2018-6451 RESERVED CVE-2018-6450 RESERVED -CVE-2018-6449 - RESERVED -CVE-2018-6448 - RESERVED -CVE-2018-6447 - RESERVED +CVE-2018-6449 (Host Header Injection vulnerability in the http management interface i ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2018-6448 (A vulnerability in the management interface in Brocade Fabric OS Versi ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2018-6447 (A Reflective XSS Vulnerability in HTTP Management Interface in Brocade ...) + NOT-FOR-US: Brocade Fabric OS CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...) NOT-FOR-US: Brocade CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...) 
@@ -39500,7 +39670,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL - mantis <removed> [wheezy] - mantis <end-of-life> (Not supported in Wheezy) NOTE: https://mantisbt.org/bugs/view.php?id=23908 -CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...) +CVE-2018-6381 (In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13. ...) {DLA-2258-1} - zziplib 0.13.62-3.2 (bug #889096) [stretch] - zziplib 0.13.62-3.2~deb9u1 @@ -39675,7 +39845,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...) NOT-FOR-US: Buck parser-cache CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...) - NOT-FOR-US: Laravel Framework + - php-laravel-framework <undetermined> CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...) NOT-FOR-US: Unitrends Backup CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...) 
@@ -39838,8 +40008,8 @@ CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow ac - nvidia-graphics-drivers-legacy-390xx 390.116-1 [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> - [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) - [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) @@ -39864,7 +40034,7 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) 
@@ -39882,7 +40052,7 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode [wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx <unfixed> [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340) - nvidia-graphics-drivers-legacy-304xx <unfixed> [stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported) @@ -40000,7 +40170,9 @@ CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pd NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916 NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has a ...) - NOT-FOR-US: MuJS + - mujs <not-affected> (Fixed before initial upload to Debian) + NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=25821e6d74fab5fcc200fe5e818362e03e114428 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698920 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...) NOT-FOR-US: Netis WF2419 V3.2.41381 devices CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ~/ ...) 
@@ -40293,8 +40465,7 @@ CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62 - firefox-esr 52.8.1esr-1 - skia <itp> (bug #818180) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/ -CVE-2018-6125 - RESERVED +CVE-2018-6125 (Insufficient policy enforcement in USB in Google Chrome on Windows pri ...) {DSA-4237-1} - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -40309,8 +40480,7 @@ CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62 - chromium-browser 67.0.3396.62-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) -CVE-2018-6122 - RESERVED +CVE-2018-6122 (Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 ...) {DSA-4237-1} - chromium-browser 66.0.3359.181-1 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) @@ -40625,11 +40795,9 @@ CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.14 [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2018-6059 - RESERVED - - chromium-browser <not-affected> (Chromium doesn't bundle Flash) + REJECTED CVE-2018-6058 - RESERVED - - chromium-browser <not-affected> (Chromium doesn't bundle Flash) + REJECTED CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 
@@ -40698,10 +40866,7 @@ CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prio [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) CVE-2018-6044 - RESERVED - {DSA-4256-1} - - chromium-browser 68.0.3440.75-1 - [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020) + REJECTED CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google Ch ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 @@ -41239,21 +41404,18 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.19.1-1 - [stretch] - libraw <no-dsa> (Minor issue) NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6 CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.19.1-1 - [stretch] - libraw <no-dsa> (Minor issue) NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6 CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.19.1-1 - [stretch] - libraw <no-dsa> (Minor issue) NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6 CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...) 
@@ -41263,8 +41425,8 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter NOTE: http://seclists.org/bugtraq/2018/Jul/58 NOTE: Issue caused by an incomplete fix for CVE-2018-5804 CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...) + {DLA-2903-1} - libraw 0.18.13-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: http://seclists.org/bugtraq/2018/Jul/58 CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...) 
@@ -41274,55 +41436,54 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7 NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...) + {DLA-2903-1} - libraw 0.18.11-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/ CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...) + {DLA-2903-1} - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...) + {DLA-2903-1} - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...) + {DLA-2903-1} - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...) - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) + [stretch] - libraw <not-affected> (Vulnerable code not present) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/ NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...) 
- {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/ NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...) + {DLA-2903-1} - libraw 0.18.11-1 - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/ CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...) + {DLA-2903-1} - libraw 0.18.8-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...) + {DLA-2903-1} - libraw 0.18.8-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...) + {DLA-2903-1} - libraw 0.18.8-1 (low) - [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03 CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...) 
@@ -41330,23 +41491,20 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1 - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.18.7-1 - [stretch] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <ignored> (Minor issue) NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.18.7-1 - [stretch] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <ignored> (Minor issue) NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...) - {DLA-1734-1} + {DLA-2903-1 DLA-1734-1} - libraw 0.18.7-1 - [stretch] - libraw <no-dsa> (Minor issue) [wheezy] - libraw <ignored> (Minor issue) NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4 @@ -41382,8 +41540,8 @@ CVE-2018-5788 (An issue was discovered in Extreme Networks ExtremeWireless WiNG CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...) NOT-FOR-US: Extreme Networks ExtremeWireless WiNG CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #888506) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/91 
@@ -41460,9 +41618,8 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe CVE-2018-5765 RESERVED CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...) - {DLA-1725-1 DLA-1247-1} + {DLA-2833-1 DLA-1725-1 DLA-1247-1} - rsync 3.1.2-2.2 (bug #887588) - [stretch] - rsync <no-dsa> (Minor issue) NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...) NOT-FOR-US: OXID eShop Enterprise Edition @@ -41473,7 +41630,9 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was f CVE-2018-5760 RESERVED CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...) - NOT-FOR-US: MuJS + - mujs <not-affected> (Fixed before initial upload to Debian) + NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698868 CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0. ...) NOT-FOR-US: Aurea Jive Jive-n CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices with firm ...) @@ -41504,8 +41663,8 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276 CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #898451) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/90 
@@ -41550,9 +41709,8 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies. NOTE: Will be adressed in 9.11.5, 9.12.3 CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...) - {DLA-1485-1} + {DLA-2807-1 DLA-1485-1} - bind9 1:9.11.4.P1+dfsg-1 (bug #905743) - [stretch] - bind9 <postponed> (Can be fixed along in the next DSA) NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740 NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits CVE-2018-5739 (An extension to hooks capabilities which debuted in Kea 1.4.0 introduc ...) 
@@ -41589,15 +41747,15 @@ CVE-2018-5733 (A malicious client which is allowed to send very large amounts of - isc-dhcp 4.3.5-3.1 (bug #891785) NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733 NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140 - NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1) - NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3 + NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1) + NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3 CVE-2018-5732 (Failure to properly bounds-check a buffer used for processing DHCP opt ...) {DSA-4133-1 DLA-1313-1} - isc-dhcp 4.3.5-3.1 (bug #891786) NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732 NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139 - NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1) - NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3 + NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1) + NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3 CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...) - curl 7.58.0-1 [stretch] - curl 7.52.1-5+deb9u4 
@@ -41610,15 +41768,13 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scannin ...) NOT-FOR-US: Heimdal PRO CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...) - {DLA-1643-1} + {DLA-2771-1 DLA-1643-1} - krb5 1.16.1-1 (bug #891869) - [stretch] - krb5 <no-dsa> (Minor issue) [wheezy] - krb5 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...) - {DLA-1643-1} + {DLA-2771-1 DLA-1643-1} - krb5 1.16.1-1 (bug #891869) - [stretch] - krb5 <no-dsa> (Minor issue) [wheezy] - krb5 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...) @@ -41848,8 +42004,8 @@ CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...) NOT-FOR-US: dark-mode plugin for WordPress CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...) + {DLA-2725-1} - lrzip 0.631+git180517-1 (bug #887065) - [stretch] - lrzip <no-dsa> (Minor issue) [jessie] - lrzip <no-dsa> (Minor issue) [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/88 
@@ -42434,7 +42590,7 @@ CVE-2018-5383 (Bluetooth firmware or operating system software drivers in macOS - firmware-nonfree 20190114-1 [stretch] - firmware-nonfree 20161130-5 NOTE: http://www.cs.technion.ac.il/~biham/BT/ -CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that i ...) +CVE-2018-5382 (The default BKS keystore use an HMAC that is only 16 bits long, which ...) - bouncycastle 1.48+dfsg-2 [wheezy] - bouncycastle <ignored> (this only affects the integrity verification and not the content of the BKS keystore) NOTE: https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html @@ -42531,10 +42687,10 @@ CVE-2018-5356 RESERVED CVE-2018-5355 RESERVED -CVE-2018-5354 - RESERVED -CVE-2018-5353 - RESERVED +CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client before versi ...) + NOT-FOR-US: ANIXIS +CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus befo ...) + NOT-FOR-US: Zoho ManageEngine CVE-2018-5352 RESERVED CVE-2018-5351 @@ -42610,7 +42766,7 @@ CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function - linux 4.14.17-1 [stretch] - linux 4.9.80-1 NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737 -CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() funct ...) +CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() function ...) {DSA-4187-1 DLA-1369-1} - linux 4.14.17-1 [stretch] - linux 4.9.80-1 
@@ -42798,17 +42954,15 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...) NOT-FOR-US: Malwarebytes Premium CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...) - {DLA-1438-1 DLA-1354-1} + {DLA-2799-1 DLA-1438-1 DLA-1354-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886675) - [stretch] - opencv <ignored> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10540 NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...) - {DLA-1438-1 DLA-1354-1} + {DLA-2799-1 DLA-1438-1 DLA-1354-1} [experimental] - opencv 3.4.4+dfsg-1~exp1 - opencv 3.2.0+dfsg-6 (bug #886674) - [stretch] - opencv <no-dsa> (Minor issue) NOTE: https://github.com/opencv/opencv/issues/10541 NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypa ...) @@ -42850,7 +43004,7 @@ CVE-2018-5251 (In libming 0.4.8, there is an integer signedness error vulnerabil CVE-2018-5250 RESERVED CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0 ...) - - shaarli <itp> (bug #864559) + - shaarli <not-affected> (Fixed before initial re-upload to the archive) CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...) {DSA-4245-1 DSA-4204-1} - imagemagick 8:6.9.9.34+dfsg-3 (bug #886588) 
@@ -43201,7 +43355,7 @@ CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio data - firefox-esr 52.7.2esr-1 - thunderbird 1:52.7.0-1 - libvorbis 1.3.5-4.2 (bug #893130) - NOTE: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f + NOTE: https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f (v1.3.6) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...) @@ -43950,9 +44104,9 @@ CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch f NOT-FOR-US: Siemens SCALANCE X switches CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...) NOT-FOR-US: TIM -CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...) +CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...) NOT-FOR-US: Siemens -CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...) +CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...) NOT-FOR-US: Siemens CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...) NOT-FOR-US: Siemens @@ -43964,7 +44118,7 @@ CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic & NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...) NOT-FOR-US: Desigo -CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...) +CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...) NOT-FOR-US: Siemens CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...) NOT-FOR-US: Siemens 
@@ -44674,16 +44828,16 @@ CVE-2018-4480 RESERVED CVE-2018-4479 RESERVED -CVE-2018-4478 - RESERVED +CVE-2018-4478 (A validation issue was addressed with improved logic. This issue is fi ...) + NOT-FOR-US: Apple CVE-2018-4477 RESERVED CVE-2018-4476 RESERVED CVE-2018-4475 RESERVED -CVE-2018-4474 - RESERVED +CVE-2018-4474 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple CVE-2018-4473 RESERVED CVE-2018-4472 @@ -44694,10 +44848,10 @@ CVE-2018-4470 (A privacy issue in the handling of Open Directory records was add NOT-FOR-US: Apple CVE-2018-4469 RESERVED -CVE-2018-4468 - RESERVED -CVE-2018-4467 - RESERVED +CVE-2018-4468 (This issue was addressed by removing additional entitlements. This iss ...) + NOT-FOR-US: Apple +CVE-2018-4467 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple CVE-2018-4466 RESERVED CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -44728,24 +44882,24 @@ CVE-2018-4454 RESERVED CVE-2018-4453 RESERVED -CVE-2018-4452 - RESERVED -CVE-2018-4451 - RESERVED +CVE-2018-4452 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption issue w ...) + NOT-FOR-US: Apple CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2018-4448 - RESERVED +CVE-2018-4448 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...) NOT-FOR-US: Apple CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...) NOT-FOR-US: Apple -CVE-2018-4444 - RESERVED +CVE-2018-4444 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...) - webkit2gtk 2.22.3-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0009.html @@ -44776,8 +44930,8 @@ CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issu NOT-FOR-US: Apple CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2018-4433 - RESERVED +CVE-2018-4433 (A configuration issue was addressed with additional restrictions. This ...) + NOT-FOR-US: Apple CVE-2018-4432 RESERVED CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...) 
@@ -44786,8 +44940,8 @@ CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device NOT-FOR-US: Apple CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...) NOT-FOR-US: Apple -CVE-2018-4428 - RESERVED +CVE-2018-4428 (A lock screen issue allowed access to the share function on a locked d ...) + NOT-FOR-US: Apple CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...) @@ -44864,10 +45018,10 @@ CVE-2018-4392 (Multiple memory corruption issues were addressed with improved me - webkit2gtk 2.22.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support -CVE-2018-4391 - RESERVED -CVE-2018-4390 - RESERVED +CVE-2018-4391 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple +CVE-2018-4390 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...) @@ -44888,8 +45042,8 @@ CVE-2018-4382 (Multiple memory corruption issues were addressed with improved me - webkit2gtk 2.22.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support -CVE-2018-4381 - RESERVED +CVE-2018-4381 (A resource exhaustion issue was addressed with improved input validati ...) + NOT-FOR-US: Apple CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...) NOT-FOR-US: Apple CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...) 
@@ -44990,8 +45144,8 @@ CVE-2018-4341 (A memory corruption issue was addressed with improved memory hand NOT-FOR-US: Apple CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2018-4339 - RESERVED +CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...) @@ -45088,8 +45242,8 @@ CVE-2018-4304 (A denial of service issue was addressed with improved validation. NOT-FOR-US: Apple CVE-2018-4303 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple -CVE-2018-4302 - RESERVED +CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...) + NOT-FOR-US: Apple CVE-2018-4301 RESERVED NOT-FOR-US: Apple @@ -45108,8 +45262,8 @@ CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sie NOT-FOR-US: Apple CVE-2018-4297 RESERVED -CVE-2018-4296 - RESERVED +CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue existed ...) + NOT-FOR-US: Apple CVE-2018-4295 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2018-4294 @@ -45878,6 +46032,7 @@ CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing fun NOT-FOR-US: Canvas Draw CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...) - xserver-xorg-video-nouveau <unfixed> (low) + [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue) [buster] - xserver-xorg-video-nouveau <ignored> (Minor issue) [stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue) [jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue) 
@@ -46565,7 +46720,8 @@ CVE-2018-3695 CVE-2018-3694 RESERVED CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and branc ...) - - linux <unfixed> + - linux 4.15.11-1 + [stretch] - linux 4.9.88-1 NOTE: https://access.redhat.com/solutions/3523601 NOTE: https://01.org/security/advisories/intel-oss-10002 NOTE: Speculative Bounds Checks Bypass with Store (BCBS) @@ -46729,7 +46885,7 @@ CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store T CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect Acc ...) NOT-FOR-US: Intel CVE-2018-3633 - RESERVED + REJECTED CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel Conve ...) NOT-FOR-US: Intel CVE-2018-3631 @@ -49177,9 +49333,9 @@ CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Heal NOT-FOR-US: Oracle CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4166-1 DSA-4144-1 DLA-1339-1} - [experimental] - openjdk-7 7u171-2.6.13-1 - openjdk-9 9.0.4+12-1 - openjdk-8 8u162-b12-1 + [experimental] - openjdk-7 7u171-2.6.13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> @@ -51124,8 +51280,8 @@ CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vu NOT-FOR-US: IBM CVE-2018-1726 RESERVED -CVE-2018-1725 - RESERVED +CVE-2018-1725 (IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vu ...) + NOT-FOR-US: IBM CVE-2018-1724 (IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user ...) NOT-FOR-US: IBM CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0 ...) 
@@ -52003,9 +52159,9 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a {DSA-4164-1 DLA-1389-1} - apache2 2.4.33-1 NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7 -CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...) - - xerces-c <unfixed> (bug #947431) - [buster] - xerces-c <postponed> (Minor issue, revisit when fixed upstream) +CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...) + {DSA-4814-1} + - xerces-c 3.2.3+debian-2 (bug #947431) [stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream) [jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility) NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt @@ -52082,6 +52238,7 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37 CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...) - jakarta-jmeter <unfixed> (low; bug #897259) + [bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) [jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport) @@ -52110,6 +52267,7 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0. - kafka <itp> (bug #786460) CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...) - jakarta-jmeter <unfixed> (low) + [bullseye] - jakarta-jmeter <no-dsa> (Minor issue) [buster] - jakarta-jmeter <no-dsa> (Minor issue) [stretch] - jakarta-jmeter <no-dsa> (Minor issue) [jessie] - jakarta-jmeter <no-dsa> (Minor issue) 
@@ -52120,7 +52278,7 @@ CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileg NOT-FOR-US: Apache OpenMeetings CVE-2018-1285 (Apache log4net versions before 2.0.10 do not disable XML external enti ...) {DLA-2211-1} - - log4net <unfixed> (low) + - log4net 1.2.10+dfsg-8 (low; bug #977468) [buster] - log4net <no-dsa> (Minor issue) [stretch] - log4net <no-dsa> (Minor issue; requires application to accept arbitrary configuration files) NOTE: https://issues.apache.org/jira/browse/LOG4NET-575 @@ -52139,7 +52297,10 @@ CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...) NOT-FOR-US: Pivotal CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically gener ...) - - rabbitmq-server <not-affected> (Specific to RabbitMQ setup in Pivotal, see bug #924768) + - rabbitmq-server 3.9.8-5 (bug #924768) + [bullseye] - rabbitmq-server <no-dsa> (Minor issue) + [buster] - rabbitmq-server <no-dsa> (Minor issue) + [stretch] - rabbitmq-server <postponed> (Minor issue; documentation-only fix) NOTE: https://pivotal.io/security/cve-2018-1279 CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...) NOT-FOR-US: Pivotal 
@@ -52156,18 +52317,20 @@ CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2. NOT-FOR-US: Spring Data Commons CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...) - libspring-java 4.3.19-1 (bug #895114) - [stretch] - libspring-java <no-dsa> (Minor issue) - [jessie] - libspring-java <not-affected> (vulnerable code not found) - [wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java) + [stretch] - libspring-java <ignored> (Minor issue, no known patch) + [jessie] - libspring-java <no-dsa> (Minor issue) + [wheezy] - libspring-java <no-dsa> (Minor issue) NOTE: https://pivotal.io/security/cve-2018-1272 + NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable) CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...) - libspring-java <not-affected> (Issue specific when served from a file system on Windows) NOTE: https://pivotal.io/security/cve-2018-1271 CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...) + {DLA-2635-1} - libspring-java 4.3.19-1 (bug #895114) - [stretch] - libspring-java <no-dsa> (Minor issue) - [jessie] - libspring-java <not-affected> (vulnerable code not found) - [wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. 
https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java) + [jessie] - libspring-java <not-affected> (Vulnerable code not present) + [wheezy] - libspring-java <not-affected> (Vulnerable code not present) + NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/b6327acec825aefadead62bd7825425b048b214c (v4.2.0) NOTE: https://pivotal.io/security/cve-2018-1270 NOTE: when addressing this issue make sure to not only apply a partial fix but NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307 @@ -52199,9 +52362,11 @@ CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any NOTE: https://pivotal.io/security/cve-2018-1258 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...) - libspring-java 4.3.19-1 - [stretch] - libspring-java <no-dsa> (Minor issue) - [jessie] - libspring-java <no-dsa> (hard to find upstream commits regarding this) + [stretch] - libspring-java <ignored> (Minor issue, no known patch) + [jessie] - libspring-java <not-affected> (Vulnerable code introduced later) NOTE: https://pivotal.io/security/cve-2018-1257 + NOTE: websocket introduced in v4 https://github.com/spring-projects/spring-framework/commit/4e67f809fbc1957e40fc787686b63254eaa8d7fa + NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable) CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...) NOT-FOR-US: Spring Cloud SSO Connector CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...) 
@@ -52318,11 +52483,14 @@ CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before 1 NOT-FOR-US: Pivotal CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ...) - libspring-java 4.3.14-1 (bug #890001) - [stretch] - libspring-java <no-dsa> (Minor issue) - [wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade) + [stretch] - libspring-java <ignored> (Minor issue, no known patch for spring-framework) [jessie] - libspring-java <no-dsa> (fix for spring-security available but not for springframework) + [wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade) + - libspring-security-2.0-java <removed> - libspring-security-java <itp> (bug #582181) NOTE: https://pivotal.io/security/cve-2018-1199 + NOTE: https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d1 (spring-security 4.1.5) + NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (spring-framework patch unidentifiable) CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser passw ...) NOT-FOR-US: Pivotal Cloud Cache CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside co ...) @@ -52427,7 +52595,7 @@ CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate t CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...) {DLA-2302-1 DLA-1638-1} - libjpeg-turbo 1:2.0.5-1 (low; bug #902950) - [buster] - libjpeg-turbo <no-dsa> (Minor issue) + [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...) NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub 
@@ -52462,7 +52630,7 @@ CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed [jessie] - samba <not-affected> (Issue introduced in 4.7.0) NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html CVE-2018-1138 - RESERVED + REJECTED CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...) - moodle <removed> CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowe ...) @@ -52593,12 +52761,10 @@ CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable whe CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...) NOT-FOR-US: Red Hat Specific script NOTE: https://access.redhat.com/security/vulnerabilities/3442151 -CVE-2018-1110 [Improper Input Validation] - RESERVED +CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0. Malformed DNS ...) - knot-resolver 2.3.0-1 (bug #896681) NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2 -CVE-2018-1109 - RESERVED +CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1. Affected ...) - node-braces <not-affected> (Vulnerable code introduced in 2.2.0) NOTE: https://snyk.io/vuln/npm:braces:20180219 NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0) @@ -52611,8 +52777,7 @@ CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakne [wheezy] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559 -CVE-2018-1107 - RESERVED +CVE-2018-1107 (It was discovered that the is-my-json-valid JavaScript library used an ...) NOT-FOR-US: is-my-json-valid package for Node.js CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...) {DSA-4207-1} 
@@ -52624,7 +52789,7 @@ CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9 CVE-2018-1105 - RESERVED + REJECTED CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows us ...) NOT-FOR-US: Ansible Tower CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is vulnerab ...) 
@@ -52634,21 +52799,25 @@ CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Open CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of sys ...) NOT-FOR-US: Ansible Tower CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...) + {DLA-2470-1} - zsh 5.5-1 (bug #895225) - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) [wheezy] - zsh <no-dsa> (Minor issue) NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607 NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/ CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attack ...) - etcd <unfixed> (low; bug #921156) + [bullseye] - etcd <no-dsa> (Minor issue) [buster] - etcd <no-dsa> (Minor issue) NOTE: https://github.com/coreos/etcd/issues/9353 + NOTE: https://github.com/etcd-io/etcd/pull/9372 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717 CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...) - etcd <unfixed> (low; bug #921156) + [bullseye] - etcd <no-dsa> (Minor issue) [buster] - etcd <no-dsa> (Minor issue) NOTE: https://github.com/coreos/etcd/issues/9353 + NOTE: https://github.com/etcd-io/etcd/pull/9372 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714 CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...) - foreman <itp> (bug #663101) 
@@ -52693,8 +52862,8 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr [stretch] - 389-ds-base <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2 CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...) + {DLA-2806-1} - glusterfs 4.0.2-1 (bug #896128) - [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release) [jessie] - glusterfs <not-affected> (vulnerable code not present) [wheezy] - glusterfs <not-affected> (vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721 @@ -52726,9 +52895,8 @@ CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflo NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4 NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...) - {DLA-1335-1} + {DLA-2470-1 DLA-1335-1} - zsh 5.4.2-4 (low; bug #894043) - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...) @@ -52760,9 +52928,8 @@ CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 r CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an informatio ...) NOT-FOR-US: ovirt-engine CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...) - {DLA-1335-1} + {DLA-2470-1 DLA-1335-1} - zsh 5.4.2-4 (low; bug #894044) - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531 
@@ -52854,7 +53021,7 @@ CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify t - postgresql-9.6 <removed> [stretch] - postgresql-9.6 9.6.8-0+deb9u1 - postgresql-9.4 <removed> - [jessie] - postgresql-9.4 <no-dsa> (Minor issue; documentation update for recommendations) + [jessie] - postgresql-9.4 9.4.17-0+deb8u1 - postgresql-9.1 <removed> [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only) [wheezy] - postgresql-9.1 <no-dsa> (Minor issue) @@ -52868,9 +53035,8 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html NOTE: https://wiki.samba.org/index.php/CVE-2018-1057 CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...) - {DLA-1702-1 DLA-1281-1} + {DLA-2868-1 DLA-1702-1 DLA-1281-1} - advancecomp 2.1-1 (bug #889270) - [stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release) NOTE: https://sourceforge.net/p/advancemame/bugs/259/ NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5 CVE-2018-1055 @@ -52888,7 +53054,7 @@ CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x bef - postgresql-9.6 <removed> [stretch] - postgresql-9.6 9.6.7-0+deb9u1 - postgresql-9.4 <removed> - [jessie] - postgresql-9.4 <no-dsa> (Minor issue) + [jessie] - postgresql-9.4 9.4.16-0+deb8u1 - postgresql-9.1 <removed> [jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only) NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca 
@@ -52910,7 +53076,7 @@ CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount an {DLA-1580-1} - systemd 234-1 [stretch] - systemd 232-25+deb9u10 - [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA) + [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 NOTE: https://github.com/systemd/systemd/pull/5916 NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 @@ -54083,8 +54249,8 @@ CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html NOTE: https://phabricator.wikimedia.org/T169545 CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...) + {DLA-2470-1} - zsh 5.6-1 (bug #908000) - [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) NOTE: https://www.zsh.org/mla/zsh-announce/136 NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d |
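Review bot: In the hunk at @@ -46565,7 +46720,8 @@ (CVE-2018-3693), the entry goes from `- linux <unfixed>` to `- linux 4.15.11-1` and `[stretch] - linux 4.9.88-1`, but no NOTE records which commits justify those versions. The remaining NOTE lines link only to advisories. Please add a "NOTE: Fixed by: ..." line with the upstream commit(s), in the style already used for CVE-2018-1108 in this file, so the fixed versions can be re-checked later.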
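Review bot: In the hunk at @@ -52003,9 +52159,9 @@ (CVE-2018-1311), the description now lists Xerces-C 3.0.0 to 3.2.3 as affected while the fixed version is `3.2.3+debian-2`. The fix is therefore a Debian-side change on top of an upstream release that is still listed as vulnerable, and nothing in the entry identifies it. The jessie annotation in the same entry warns that a "proper fix" is "likely to break ABI compatibility", so a NOTE naming the patch applied in 3.2.3+debian-2 and its approach would help whoever revisits the stretch and jessie `<postponed>` lines, which still say "revisit when fixed upstream".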
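Review bot: In the hunk at @@ -52120,7 +52278,7 @@ (CVE-2018-1285), the new fixed version `1.2.10+dfsg-8` is below the upstream boundary in the description ("versions before 2.0.10"), so the fix must be a backport, yet the entry only references the bug number. Suggest adding a NOTE that says the fix is a backported patch and points at the upstream change it was taken from, so the version does not look like a data-entry mistake.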
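Review bot: In the hunk at @@ -52139,7 +52297,10 @@ (CVE-2018-1279), the previous assessment `<not-affected> (Specific to RabbitMQ setup in Pivotal, see bug #924768)` is reversed to a fixed version `3.9.8-5`, with per-release `<no-dsa>` and `<postponed>` lines but no NOTE explaining why the package is now considered affected. The only hint is "documentation-only fix" inside the stretch annotation. Please add a NOTE stating what 3.9.8-5 changed and why the earlier not-affected reasoning no longer holds. If the fix is documentation-only for all releases, the bullseye and buster annotations could say so as well.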
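Review bot: In the hunk at @@ -52156,18 +52317,20 @@, the CVE-2018-1272 entry moves jessie and wheezy from `<not-affected>` to `<no-dsa> (Minor issue)` and drops the old justification, but adds no NOTE saying which code in those releases is vulnerable. The only new NOTE says the patch is unidentifiable. The CVE-2018-1270 entry in the same hunk keeps both releases at `<not-affected> (Vulnerable code not present)` and backs that with an "Introduced by ... (v4.2.0)" NOTE. Please record the equivalent basis for CVE-2018-1272 (the affected component or introducing commit), or explain in a NOTE why these releases are now treated as affected.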
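Review bot: In the hunk at @@ -52634,21 +52799,25 @@, the line `NOTE: https://github.com/etcd-io/etcd/pull/9372` added to CVE-2018-1099 and CVE-2018-1098 carries no annotation, while both entries remain `- etcd <unfixed>` and gain a bullseye `<no-dsa>` line. A reader cannot tell whether the pull request is the upstream fix, a partial mitigation, or just discussion. Suggest annotating the NOTE with its role and, if it is the fix, the upstream version that contains it, so the `<unfixed>` status can be checked against packaged versions.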