Todo Lists

Pending advisories

Group	Package	Severity	Affected	Fixed	Ticket
AVG-778	jenkins	Medium	2.145-1	2.146-1
AVG-784	linux	Low	4.18.12.arch1-1	4.18.13.arch1-1

Bumped packages

Group	Package	Severity	Affected	Current
AVG-767	linux-lts	High	4.14.71-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-762	linux-hardened	High	4.18.1.a-1	4.18.15.a-1 [extra]
AVG-761	linux-zen	High	4.18.zen1-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-760	linux	High	4.18.arch1-1	4.18.15.arch1-1 [testing] 4.18.14.arch1-1 [core]
AVG-758	linux-lts	High	4.14.62-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-757	linux-zen	High	4.17.14.zen1-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-756	linux	High	4.17.14.arch1-1	4.18.15.arch1-1 [testing] 4.18.14.arch1-1 [core]
AVG-685	linux-zen	High	4.16.8-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-684	linux-lts	High	4.14.40-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-683	linux-hardened	High	4.16.7.b-1	4.18.15.a-1 [extra]
AVG-682	linux	High	4.16.8-1	4.18.15.arch1-1 [testing] 4.18.14.arch1-1 [core]
AVG-572	linux-zen	High	4.14.11-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-566	linux-lts	High	4.9.74-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-559	linux-lts	High	4.9.74-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-558	linux-hardened	High	4.14.11.a-1	4.18.15.a-1 [extra]
AVG-557	linux-zen	High	4.14.11-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-553	linux	High	4.14.11-1	4.18.15.arch1-1 [testing] 4.18.14.arch1-1 [core]
AVG-359	libsass	High	3.4.9-1	3.5.4-1 [community]
AVG-704	linux-zen	Medium	4.16.9-1	4.18.15.zen1-1 [testing] 4.18.14.zen1-1 [extra]
AVG-703	linux-hardened	Medium	4.16.9.a-1	4.18.15.a-1 [extra]
AVG-702	linux-lts	Medium	4.14.41-1	4.14.77-1 [testing] 4.14.76-1 [core]
AVG-701	linux	Medium	4.16.9-1	4.18.15.arch1-1 [testing] 4.18.14.arch1-1 [core]
AVG-573	linux-hardened	Medium	4.14.11-1	4.18.15.a-1 [extra]
AVG-312	linux-lts	Medium	4.9.33-1	4.14.77-1 [testing] 4.14.76-1 [core]

Orphan issues

Issue	Severity	Remote	Type	Description
CVE-2016-1000000	High	Yes	Sql injection	Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
CVE-2016-1951	Medium	Yes	Arbitrary code execution	Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before...
CVE-2016-5258	Critical	Yes	Arbitrary code execution	Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and...
CVE-2016-7053	Medium	Yes	Denial of service	Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This...
CVE-2016-9427	High	Yes	Arbitrary code execution	An integer overflow problem has been discovered leading to hep corruption. When calling...
CVE-2016-9443	High	Yes	Arbitrary code execution	Null pointer dereference in formUpdateBuffer
CVE-2017-1000410	High	Yes	Information disclosure	The Linux kernel version 3.3-rc1 and later is affected by a vulnerability in the processing...
CVE-2017-10979	Critical	Yes	Arbitrary code execution	A security issue has been found in freeradius <= 2.2.9, where the rad_coalesce() function...
CVE-2017-10980	Medium	Yes	Denial of service	A security issue has been found in freeradius <= 2.2.9, where thedecode_tlv() function...
CVE-2017-10981	Low	Yes	Denial of service	A security issue has been found in freeradius <= 2.2.9, where the fr_dhcp_decode() function...
CVE-2017-11333	Low	Yes	Denial of service	A security issue has been found in libvorbis <= 1.3.5, where a specially crafted WAV file...
CVE-2017-12925	Medium	No	Arbitrary code execution	Invalid memory read in SetImageColorCallBack.
CVE-2017-14497	Medium	No	Denial of service	The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13...
CVE-2017-15994	Critical	Yes	Access restriction bypass	rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other...
CVE-2017-7223	Medium	No	Denial of service	GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1)...
CVE-2017-7224	Medium	No	Denial of service	The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid...
CVE-2017-7225	Medium	No	Denial of service	The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case...
CVE-2017-7226	High	No	Information disclosure	The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as...
CVE-2017-7227	Medium	No	Denial of service	GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while...
CVE-2017-7980	High	No	Arbitrary code execution	Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to...
CVE-2017-9098	High	Yes	Information disclosure	Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder,...
CVE-2018-0492	High	No	Privilege escalation	beep through version 1.3.4 is vulnerable to local privilege escalation if the setuid bit is...
CVE-2018-1000115	High	Yes	Insufficient validation	Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network...
CVE-2018-4101	Critical	Yes	Arbitrary code execution	A security issue has been found in WebKitGTK+ < 2.20.0, where processing maliciously...
CVE-2018-4113	Low	Yes	Denial of service	A security issue has been found in the handling of a function in JavaScriptCore of...
CVE-2018-5709	Low	Yes	Information disclosure	An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable...
CVE-2018-9234	Low	No	Insufficient validation	When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible...