Todo Lists
Scheduled advisories
| Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|
| ASA-201902-17 | AVG-899 | webkit2gtk | Critical | arbitrary code execution |
| ASA-201902-16 | AVG-896 | firefox | High | multiple issues |
Pending advisories
| Group | Package | Severity | Affected | Fixed | Ticket |
|---|---|---|---|---|---|
| AVG-762 | linux-hardened | High | 4.18.1.a-1 | 4.19.4.a-1 | |
| AVG-880 | flatpak | High | 1.2.2-1 | 1.2.3-1 | |
| AVG-898 | python-mysql-connector | High | 8.0.13-1 | 8.0.15-1 | FS#61758 |
| AVG-869 | poppler | Low | 0.73.0-1 | 0.74.0-1 |
Bumped packages
| Group | Package | Severity | Affected | Current | Ticket |
|---|---|---|---|---|---|
| AVG-842 | linux | High | 4.20.arch1-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-832 | binutils | High | 2.31.1-3 |
2.31.1-4 [core] |
|
| AVG-767 | linux-lts | High | 4.14.71-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-758 | linux-lts | High | 4.14.62-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-757 | linux-zen | High | 4.17.14.zen1-1 |
4.20.10.zen1-1 [testing] 4.20.8.zen1-1 [extra] |
|
| AVG-756 | linux | High | 4.17.14.arch1-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-685 | linux-zen | High | 4.16.8-1 |
4.20.10.zen1-1 [testing] 4.20.8.zen1-1 [extra] |
|
| AVG-684 | linux-lts | High | 4.14.40-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-683 | linux-hardened | High | 4.16.7.b-1 |
4.20.10.a-1 [extra] |
|
| AVG-682 | linux | High | 4.16.8-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-628 | libvncserver | High | 0.9.11-3 |
0.9.12-1 [extra] |
|
| AVG-572 | linux-zen | High | 4.14.11-1 |
4.20.10.zen1-1 [testing] 4.20.8.zen1-1 [extra] |
|
| AVG-566 | linux-lts | High | 4.9.74-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-559 | linux-lts | High | 4.9.74-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-558 | linux-hardened | High | 4.14.11.a-1 |
4.20.10.a-1 [extra] |
|
| AVG-557 | linux-zen | High | 4.14.11-1 |
4.20.10.zen1-1 [testing] 4.20.8.zen1-1 [extra] |
|
| AVG-553 | linux | High | 4.14.11-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-850 | linux | Medium | 4.20.arch1-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-704 | linux-zen | Medium | 4.16.9-1 |
4.20.10.zen1-1 [testing] 4.20.8.zen1-1 [extra] |
|
| AVG-703 | linux-hardened | Medium | 4.16.9.a-1 |
4.20.10.a-1 [extra] |
|
| AVG-702 | linux-lts | Medium | 4.14.41-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
|
| AVG-701 | linux | Medium | 4.16.9-1 |
4.20.10.arch1-1 [testing] 4.20.8.arch1-1 [core] |
|
| AVG-573 | linux-hardened | Medium | 4.14.11-1 |
4.20.10.a-1 [extra] |
|
| AVG-312 | linux-lts | Medium | 4.9.33-1 |
4.19.23-1 [testing] 4.19.21-1 [core] |
Issues missing details
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-5711 | Unknown | Unknown | Unknown | gd_gif_in.c in the libgd has an integer signedness error that leads to an infinite loop via... |
| CVE-2018-20781 | Unknown | Unknown | Unknown | |
| CVE-2018-1000866 | Unknown | Unknown | Unknown |
Orphan issues
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-1000000 | High | Yes | Sql injection | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
| CVE-2016-1951 | Medium | Yes | Arbitrary code execution | Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before... |
| CVE-2016-5258 | Critical | Yes | Arbitrary code execution | Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and... |
| CVE-2016-7053 | Medium | Yes | Denial of service | Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This... |
| CVE-2016-9427 | High | Yes | Arbitrary code execution | An integer overflow problem has been discovered leading to hep corruption. When calling... |
| CVE-2016-9443 | High | Yes | Arbitrary code execution | Null pointer dereference in formUpdateBuffer |
| CVE-2017-1000410 | High | Yes | Information disclosure | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability in the processing... |
| CVE-2017-10979 | Critical | Yes | Arbitrary code execution | A security issue has been found in freeradius <= 2.2.9, where the rad_coalesce() function... |
| CVE-2017-10980 | Medium | Yes | Denial of service | A security issue has been found in freeradius <= 2.2.9, where thedecode_tlv() function... |
| CVE-2017-10981 | Low | Yes | Denial of service | A security issue has been found in freeradius <= 2.2.9, where the fr_dhcp_decode() function... |
| CVE-2017-11333 | Low | Yes | Denial of service | A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file... |
| CVE-2017-12925 | Medium | No | Arbitrary code execution | Invalid memory read in SetImageColorCallBack. |
| CVE-2017-14497 | Medium | No | Denial of service | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13... |
| CVE-2017-15994 | Critical | Yes | Access restriction bypass | rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other... |
| CVE-2017-7223 | Medium | No | Denial of service | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1)... |
| CVE-2017-7224 | Medium | No | Denial of service | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid... |
| CVE-2017-7225 | Medium | No | Denial of service | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case... |
| CVE-2017-7226 | High | No | Information disclosure | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as... |
| CVE-2017-7227 | Medium | No | Denial of service | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while... |
| CVE-2017-7980 | High | No | Arbitrary code execution | Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to... |
| CVE-2017-9098 | High | Yes | Information disclosure | Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder,... |
| CVE-2018-0492 | High | No | Privilege escalation | beep through version 1.3.4 is vulnerable to local privilege escalation if the setuid bit is... |
| CVE-2018-1000115 | High | Yes | Insufficient validation | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network... |
| CVE-2018-1000866 | Unknown | Unknown | Unknown | |
| CVE-2018-18642 | Medium | Yes | Cross-site scripting | A security issue has been found in gitlab versions prior to 11.4.3, where the license... |
| CVE-2018-18644 | Medium | Yes | Information disclosure | A security issue has been found in gitlab versions prior to 11.4.3, where the Prometheus... |
| CVE-2018-18647 | Medium | Yes | Access restriction bypass | A security issue has been found in gitlab versions prior to 11.4.3, where the... |
| CVE-2018-20781 | Unknown | Unknown | Unknown | |
| CVE-2018-4101 | Critical | Yes | Arbitrary code execution | A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously... |
| CVE-2018-4113 | Low | Yes | Denial of service | A security issue has been found in the handling of a function in JavaScriptCore of... |
| CVE-2018-5709 | Low | Yes | Information disclosure | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable... |
| CVE-2018-9234 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible... |