diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-28 19:02:51 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-28 19:02:51 +0200 |
commit | ec043d7c5e9615c93836f6ab6ea5234b53e2ff66 (patch) | |
tree | 9bd48eb2d16b1aa69ad32f2c8af287459d9eae62 /data/CVE | |
parent | db3201bcb1f7aa0b3e74651b02482b240c6da8cf (diff) |
new ntp issue
NFUs
add and take ffmpeg
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2013.list | 2 | ||||
-rw-r--r-- | data/CVE/2014.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 2 | ||||
-rw-r--r-- | data/CVE/2018.list | 8 |
4 files changed, 10 insertions, 4 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 927f853020..44ea8b402e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -14801,7 +14801,7 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) NOT-FOR-US: Gemalto Tokend CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) - TODO: check + NOT-FOR-US: OpenSC.tokend (different from src:opensc) CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone <not-affected> (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 diff --git a/data/CVE/2014.list b/data/CVE/2014.list index fb33ed7771..0e49d906c4 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -23698,7 +23698,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt NOTE: affected one that we ever had in Debian (2.8.96~2652) did not NOTE: include the faulty patch. CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) - TODO: check + NOT-FOR-US: signond from Ubuntu Touch CVE-2014-1422 RESERVED CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 74a64d335d..50db83ee19 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4978,7 +4978,7 @@ CVE-2015-7948 CVE-2015-7947 REJECTED CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...) - TODO: check + NOT-FOR-US: Unity8 (predates Lomiri) CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809538) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5118ef55dc..75edfe207d 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -32449,7 +32449,13 @@ CVE-2018-8958 CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...) NOT-FOR-US: CoverCMS CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...) - TODO: check + - ntp <unfixed> (low) + [buster] - ntp <no-dsa> (Minor issue) + [stretch] - ntp <no-dsa> (Minor issue) + NOTE: MISC:https://arxiv.org/abs/2005.01783 + NOTE: MISC:https://nikhiltripathi.in/NTP_attack.pdf + NOTE: MISC:https://tools.ietf.org/html/rfc5905 + TODO: check ntpsec CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...) NOT-FOR-US: BitDefender GravityZone CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...) |