{"CVE-2010-3908":{"scope":"remote","description":"FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11719":{"scope":"remote","description":"The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.","releases":{"buster":{"fixed_version":"7:3.3.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.7-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4048":{"debianbug":342207,"scope":"remote","description":"Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.","releases":{"buster":{"fixed_version":"0.cvs20050918-5.1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.cvs20050918-5.1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.cvs20050918-5.1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-3934":{"scope":"remote","description":"Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1999013":{"scope":"remote","description":"FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3670":{"scope":"remote","description":"The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data.  NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1999012":{"scope":"remote","description":"FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-3671":{"scope":"remote","description":"The format_line function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via crafted data that triggers a log message.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0407003-DA457C":{"debianbug":407003,"releases":{"buster":{"fixed_version":"0.cvs20060823-8","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.cvs20060823-8","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.cvs20060823-8","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1196":{"scope":"remote","description":"The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1999015":{"scope":"remote","description":"FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1999014":{"scope":"remote","description":"FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8547":{"debianbug":773626,"scope":"remote","description":"libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8546":{"scope":"remote","description":"Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8549":{"debianbug":773626,"scope":"remote","description":"libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1999011":{"scope":"remote","description":"FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, wait for next 3.2 release","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3230":{"debianbug":498764,"scope":"local","description":"The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.","releases":{"buster":{"fixed_version":"0.svn20080206-16","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.svn20080206-16","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.svn20080206-16","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8548":{"debianbug":773626,"scope":"remote","description":"Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1999010":{"scope":"remote","description":"FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8543":{"debianbug":773626,"scope":"remote","description":"libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11399":{"scope":"remote","description":"Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.","releases":{"buster":{"fixed_version":"7:3.3.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.7-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0385":{"debianbug":524799,"scope":"remote","description":"Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"0.svn20080206-16","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.svn20080206-16","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.svn20080206-16","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8542":{"debianbug":773626,"scope":"remote","description":"libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-5272":{"scope":"remote","description":"libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8545":{"scope":"remote","description":"libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8544":{"debianbug":773626,"scope":"remote","description":"libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-5271":{"scope":"remote","description":"Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2162":{"debianbug":628448,"scope":"remote","description":"Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues \"originally discovered by Google Chrome developers.\"","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-3674":{"scope":"remote","description":"The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2161":{"debianbug":628448,"scope":"remote","description":"The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3675":{"scope":"remote","description":"The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1898":{"scope":"remote","description":"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.","releases":{"buster":{"fixed_version":"7:2.8.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.8.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8541":{"debianbug":773626,"scope":"remote","description":"libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.","releases":{"buster":{"fixed_version":"7:2.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2160":{"debianbug":628448,"scope":"remote","description":"The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-3672":{"scope":"remote","description":"The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1897":{"scope":"remote","description":"FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.","releases":{"buster":{"fixed_version":"7:2.8.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.8.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3673":{"scope":"remote","description":"The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0846":{"debianbug":717009,"scope":"remote","description":"Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0847":{"scope":"remote","description":"The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-16840":{"scope":"remote","description":"The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.","releases":{"buster":{"fixed_version":"7:3.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.9-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:3.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0848":{"scope":"remote","description":"The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0849":{"debianbug":717009,"scope":"remote","description":"The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3929":{"scope":"remote","description":"The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0844":{"scope":"remote","description":"Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0845":{"scope":"remote","description":"libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5479":{"scope":"remote","description":"The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-C0C622":{"releases":{"buster":{"fixed_version":"0.cvs20060823-6","repositories":{"buster":"7:4.1.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.cvs20060823-6","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.cvs20060823-6","repositories":{"sid":"7:4.1.3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7502":{"debianbug":840434,"scope":"remote","description":"The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.","releases":{"buster":{"fixed_version":"7:3.1.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4610":{"releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-8710":{"scope":"remote","description":"An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4637":{"debianbug":550442,"scope":"remote","description":"FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4636":{"debianbug":550442,"scope":"remote","description":"FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11338":{"scope":"remote","description":"libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.","releases":{"buster":{"repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"7:4.1.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4639":{"debianbug":550442,"scope":"remote","description":"The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11339":{"scope":"remote","description":"The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.","releases":{"buster":{"repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"7:4.1.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4638":{"debianbug":550442,"scope":"remote","description":"Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0848":{"scope":"remote","description":"Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka \"wrong samples count.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4633":{"debianbug":550442,"scope":"remote","description":"vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4632":{"debianbug":550442,"scope":"remote","description":"oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0847":{"scope":"remote","description":"Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4635":{"debianbug":550442,"scope":"remote","description":"FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4634":{"debianbug":550442,"scope":"remote","description":"Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4631":{"debianbug":550442,"scope":"remote","description":"Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15186":{"scope":"remote","description":"Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.","releases":{"buster":{"fixed_version":"7:3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.9-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4800":{"debianbug":401304,"scope":"remote","description":"Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.  NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.","releases":{"buster":{"fixed_version":"0.cvs20060329-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.cvs20060329-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.cvs20060329-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-6392":{"scope":"remote","description":"The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.","releases":{"buster":{"fixed_version":"7:3.4.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0849":{"scope":"remote","description":"Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6881":{"scope":"remote","description":"The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.","releases":{"buster":{"fixed_version":"7:3.1.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:3.1.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:3.1.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14767":{"scope":"remote","description":"The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.","releases":{"buster":{"fixed_version":"7:3.3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.8-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0859":{"debianbug":688849,"scope":"remote","description":"The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0858":{"scope":"remote","description":"The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an \"invalid free\".","releases":{"buster":{"fixed_version":"7:2.2.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.2.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.2.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0857":{"scope":"remote","description":"Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0856":{"scope":"remote","description":"Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file.  NOTE: this vulnerability exists because of a regression error.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-13304":{"scope":"remote","description":"In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0855":{"scope":"remote","description":"Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4640":{"debianbug":550442,"scope":"remote","description":"Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:0.5+svn20090706-3","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12458":{"scope":"remote","description":"An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.","releases":{"buster":{"fixed_version":"7:3.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13305":{"scope":"remote","description":"In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0854":{"scope":"remote","description":"The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12459":{"scope":"remote","description":"An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.","releases":{"buster":{"fixed_version":"7:4.0.1-2","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.1-2","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0853":{"scope":"remote","description":"The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0852":{"scope":"remote","description":"The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13300":{"scope":"remote","description":"In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.","releases":{"buster":{"fixed_version":"7:3.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0851":{"scope":"remote","description":"The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13301":{"scope":"remote","description":"In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0850":{"scope":"remote","description":"The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-13302":{"scope":"remote","description":"In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.","releases":{"buster":{"fixed_version":"7:3.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13303":{"scope":"remote","description":"In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.","releases":{"buster":{"fixed_version":"7:4.0.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.0.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3162":{"debianbug":489965,"scope":"remote","description":"Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.","releases":{"buster":{"fixed_version":"0.svn20080206-10","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.svn20080206-10","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.svn20080206-10","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2801":{"debianbug":688847,"scope":"remote","description":"Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and \"out of array writes.\"","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2802":{"debianbug":688847,"scope":"remote","description":"Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the \"number of output channels\" and \"out of array writes.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2803":{"debianbug":688847,"scope":"remote","description":"Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2804":{"debianbug":688847,"scope":"remote","description":"Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to \"reallocation code\" and the luma height and width.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2805":{"scope":"remote","description":"Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5024":{"scope":"remote","description":"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","releases":{"buster":{"fixed_version":"7:3.2.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7206":{"scope":"remote","description":"The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5025":{"scope":"remote","description":"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","releases":{"buster":{"fixed_version":"7:3.2.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7393":{"scope":"remote","description":"Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.","releases":{"buster":{"fixed_version":"7:2.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6615":{"scope":"remote","description":"The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6618":{"scope":"remote","description":"The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6616":{"scope":"remote","description":"The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3973":{"debianbug":641478,"scope":"remote","description":"cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6617":{"scope":"remote","description":"The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-7937":{"scope":"remote","description":"Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.","releases":{"buster":{"fixed_version":"7:2.4.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3974":{"debianbug":641478,"scope":"remote","description":"Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9317":{"scope":"remote","description":"The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file.","releases":{"buster":{"fixed_version":"2.4.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9316":{"scope":"remote","description":"The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.","releases":{"buster":{"fixed_version":"2.4.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9319":{"scope":"remote","description":"The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.","releases":{"buster":{"fixed_version":"2.4.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9318":{"scope":"remote","description":"The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.","releases":{"buster":{"fixed_version":"2.4.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7933":{"scope":"remote","description":"Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.","releases":{"buster":{"fixed_version":"7:2.5.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.5.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.5.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9676":{"scope":"remote","description":"The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (\"invalid memory handler\") and possibly execute arbitrary code via a crafted video that triggers a use after free.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14225":{"scope":"remote","description":"The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)","releases":{"buster":{"fixed_version":"7:3.3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:3.2.8-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9993":{"scope":"remote","description":"FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.","releases":{"buster":{"fixed_version":"7:3.2.6-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.7-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.6-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9994":{"scope":"remote","description":"libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.","releases":{"buster":{"fixed_version":"7:3.2.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14223":{"scope":"remote","description":"In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large \"ict\" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.","releases":{"buster":{"fixed_version":"7:3.3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:3.2.8-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:3.3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-14222":{"scope":"remote","description":"In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large \"item_count\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.","releases":{"buster":{"fixed_version":"7:3.3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:3.2.8-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:3.3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9995":{"scope":"remote","description":"libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1207":{"scope":"remote","description":"Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.","releases":{"buster":{"fixed_version":"7:2.6.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.6.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.6.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1208":{"scope":"remote","description":"Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.","releases":{"buster":{"fixed_version":"7:2.5.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.5.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.5.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9996":{"scope":"remote","description":"The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"7:3.2.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9990":{"scope":"remote","description":"Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9991":{"scope":"remote","description":"Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"7:3.2.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9992":{"scope":"remote","description":"Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"7:3.2.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3946":{"scope":"remote","description":"The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9561":{"scope":"remote","description":"The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.","releases":{"buster":{"fixed_version":"7:3.2.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:3.2.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:3.2.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3947":{"scope":"remote","description":"Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6621":{"scope":"remote","description":"The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.","releases":{"buster":{"fixed_version":"7:3.4.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:3.2.11-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3949":{"scope":"remote","description":"The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3944":{"scope":"remote","description":"The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3945":{"scope":"remote","description":"The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15672":{"scope":"remote","description":"The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"7:3.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.9-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3940":{"scope":"remote","description":"nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers \"use of uninitialized streams.\"","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3941":{"scope":"remote","description":"The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4352":{"scope":"remote","description":"Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4353":{"scope":"remote","description":"The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8595":{"scope":"remote","description":"The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.","releases":{"buster":{"fixed_version":"7:3.1.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000460":{"scope":"remote","description":"In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.","releases":{"buster":{"fixed_version":"7:3.1.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4351":{"scope":"remote","description":"Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3417":{"scope":"remote","description":"Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.","releases":{"buster":{"fixed_version":"7:2.6.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.6.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.6.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8662":{"scope":"remote","description":"The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.","releases":{"buster":{"fixed_version":"7:2.8.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8663":{"scope":"remote","description":"The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.","releases":{"buster":{"fixed_version":"7:2.8.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8661":{"scope":"remote","description":"The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data.","releases":{"buster":{"fixed_version":"7:2.8.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-B138FB":{"releases":{"buster":{"fixed_version":"0.cvs20060823-6","repositories":{"buster":"7:4.1.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.cvs20060823-6","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.cvs20060823-6","repositories":{"sid":"7:4.1.3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0320150-40E143":{"debianbug":320150,"releases":{"buster":{"fixed_version":"0.cvs20050811-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.cvs20050811-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.cvs20050811-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0379922-FA0DE2":{"debianbug":379922,"releases":{"buster":{"fixed_version":"0.cvs20060823-8","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.cvs20060823-8","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.cvs20060823-8","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4264":{"scope":"remote","description":"The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4265":{"scope":"remote","description":"The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a \"wrong return code\" and a resultant NULL pointer dereference.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3950":{"scope":"remote","description":"The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3951":{"scope":"remote","description":"The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4263":{"scope":"remote","description":"libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted \"plane,\" which triggers an out-of-bounds heap write.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3952":{"scope":"remote","description":"The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6164":{"scope":"remote","description":"Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.","releases":{"buster":{"fixed_version":"7:3.1.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:3.1.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4364":{"scope":"remote","description":"Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5199":{"scope":"remote","description":"An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","releases":{"buster":{"fixed_version":"7:3.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6821":{"scope":"remote","description":"The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6820":{"scope":"remote","description":"The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6823":{"scope":"remote","description":"The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6822":{"scope":"remote","description":"The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6825":{"scope":"remote","description":"The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4610":{"debianbug":407010,"scope":"remote","description":"MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6824":{"scope":"remote","description":"The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6826":{"scope":"remote","description":"The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7122":{"debianbug":840434,"scope":"remote","description":"The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.","releases":{"buster":{"fixed_version":"7:3.1.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11684":{"scope":"remote","description":"There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.","releases":{"buster":{"fixed_version":"7:2.3.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.3.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.3.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4358":{"scope":"remote","description":"libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6818":{"scope":"remote","description":"The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3895":{"debianbug":654534,"scope":"remote","description":"Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6819":{"scope":"remote","description":"Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.","releases":{"buster":{"fixed_version":"7:2.7.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.7.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.7.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3892":{"debianbug":654534,"scope":"remote","description":"Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3893":{"debianbug":654534,"scope":"remote","description":"Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-1000016":{"debianbug":922066,"scope":"remote","description":"FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.","releases":{"buster":{"fixed_version":"7:4.1.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:4.1.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-9841":{"scope":"remote","description":"The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.","releases":{"buster":{"fixed_version":"7:3.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:3.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3504":{"debianbug":643859,"scope":"remote","description":"The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2330":{"scope":"remote","description":"libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.","releases":{"buster":{"fixed_version":"2.8.6-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.6-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.6-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9608":{"scope":"remote","description":"The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.","releases":{"buster":{"fixed_version":"7:3.3.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.7-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7905":{"debianbug":840434,"scope":"remote","description":"The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.","releases":{"buster":{"fixed_version":"7:3.1.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0894":{"debianbug":703200,"scope":"remote","description":"Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4031":{"debianbug":675767,"scope":"remote","description":"Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11665":{"scope":"remote","description":"The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.","releases":{"buster":{"fixed_version":"7:3.3.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.7-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.3.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2276":{"scope":"remote","description":"The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7:4.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7:4.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2213":{"scope":"remote","description":"The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.","releases":{"buster":{"fixed_version":"7:2.8.6-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.6-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.8.6-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2277":{"debianbug":703200,"scope":"remote","description":"The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-7751":{"scope":"remote","description":"The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.","releases":{"buster":{"fixed_version":"7:3.4.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7:3.4.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3429":{"debianbug":598590,"scope":"remote","description":"flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an \"arbitrary offset dereference vulnerability.\"","releases":{"buster":{"fixed_version":"4:0.5.2-6","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:0.5.2-6","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:0.5.2-6","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8218":{"scope":"remote","description":"The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.","releases":{"buster":{"fixed_version":"7:2.8.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.8.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7450":{"debianbug":840434,"scope":"remote","description":"The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.","releases":{"buster":{"fixed_version":"7:3.1.4-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.4-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.4-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8217":{"scope":"remote","description":"The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.","releases":{"buster":{"fixed_version":"7:2.8.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8219":{"scope":"remote","description":"The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.","releases":{"buster":{"fixed_version":"7:2.8.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0480":{"debianbug":610550,"scope":"remote","description":"Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17081":{"scope":"remote","description":"The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file.","releases":{"buster":{"fixed_version":"7:3.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.2.10-1~deb9u1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2326":{"scope":"remote","description":"Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.","releases":{"buster":{"fixed_version":"2.8.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2327":{"scope":"remote","description":"libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.","releases":{"buster":{"fixed_version":"2.8.5-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.5-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.5-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2328":{"scope":"remote","description":"libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.","releases":{"buster":{"fixed_version":"2.8.6-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.6-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.6-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2329":{"scope":"remote","description":"libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.","releases":{"buster":{"fixed_version":"2.8.6-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.6-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.6-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2263":{"scope":"remote","description":"The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.","releases":{"buster":{"fixed_version":"7:2.4.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:2.4.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:2.4.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6920":{"scope":"remote","description":"Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.","releases":{"buster":{"fixed_version":"7:3.1.3-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"7:3.1.3-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7:3.1.3-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9051":{"scope":"remote","description":"libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.","releases":{"buster":{"fixed_version":"7:2.6.1-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7:2.6.1-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7:2.6.1-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8216":{"scope":"remote","description":"The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.","releases":{"buster":{"fixed_version":"7:2.8.2-1","repositories":{"buster":"7:4.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"7:2.8.2-1","repositories":{"stretch-security":"7:3.2.12-1~deb9u1","stretch":"7:3.2.12-1~deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7:2.8.2-1","repositories":{"sid":"7:4.1.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5989":{"debianbug":400589,"scope":"remote","description":"Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.","releases":{"buster":{"fixed_version":"5.3-1","repositories":{"buster":"5.4-2.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.3-1","repositories":{"stretch":"5.4-2.3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.3-1","repositories":{"jessie":"5.4-2.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.3-1","repositories":{"sid":"5.4-2.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-5220":{"scope":"local","description":"The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.","releases":{"buster":{"fixed_version":"3.3.4-1","repositories":{"buster":"4.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.3.4-1","repositories":{"stretch":"3.4-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"3.3.2-5+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"3.3.4-1","repositories":{"sid":"4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-16042":{"debianbug":900868,"scope":"remote","description":"Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.","releases":{"buster":{"fixed_version":"1.10.5-1","repositories":{"buster":"1.10.5-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1.7.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.7.0-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.10.5-1","repositories":{"sid":"1.10.5-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0980":{"scope":"remote","description":"Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.","releases":{"buster":{"fixed_version":"3.0.11b8-8","repositories":{"buster":"3.0.11b8-13.4.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.11b8-8","repositories":{"stretch":"3.0.11b8-13.4.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.11b8-8","repositories":{"jessie":"3.0.11b8-13.4.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.11b8-8","repositories":{"sid":"3.0.11b8-13.4.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-7062":{"releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.13.22-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.13.22-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6661":{"scope":"remote","description":"Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.13.22-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.13.22-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0254":{"debianbug":779621,"scope":"remote","description":"Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.","releases":{"jessie":{"fixed_version":"1.1.2-3","repositories":{"jessie":"1.1.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14780":{"debianbug":906128,"scope":"local","description":"An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.4.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.1-1","repositories":{"sid":"1.6.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14779":{"debianbug":906128,"scope":"local","description":"A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.4.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.1-1","repositories":{"sid":"1.6.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-0707":{"scope":"remote","description":"PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.5.3-3"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.5.3-2"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"1.5.3-1"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.5.3-3"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-5391":{"scope":"remote","description":"libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3071":{"scope":"remote","description":"Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5389":{"scope":"remote","description":"The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.","releases":{"buster":{"repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-3240":{"scope":"remote","description":"The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6467":{"scope":"remote","description":"Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4564":{"scope":"remote","description":"Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2052":{"scope":"remote","description":"Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records.  NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3204":{"scope":"remote","description":"libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5361":{"scope":"remote","description":"programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7283":{"scope":"remote","description":"Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.27-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.27-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3912":{"debianbug":440411,"scope":"local","description":"checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.","releases":{"buster":{"fixed_version":"0.34","repositories":{"buster":"0.84"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.34","repositories":{"stretch":"0.69.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.34","repositories":{"jessie":"0.63"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.34","repositories":{"sid":"0.84"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-3533":{"scope":"remote","description":"Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.","releases":{"buster":{"fixed_version":"2.22.1-4","repositories":{"buster":"3.31.90-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.22.1-4","repositories":{"stretch":"3.22.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.22.1-4","repositories":{"jessie":"3.14.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.22.1-4","repositories":{"sid":"3.31.90-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11353":{"debianbug":868300,"scope":"remote","description":"yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.","releases":{"buster":{"fixed_version":"1.11.1-1","repositories":{"buster":"1.12.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.06-1+deb9u1","repositories":{"stretch":"1.06-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.1-1","repositories":{"sid":"1.12.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1927":{"debianbug":738509,"scope":"remote","description":"The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using \"$(\" command-substitution sequences, a different vulnerability than CVE-2014-1928.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.","releases":{"buster":{"fixed_version":"0.3.6-1","repositories":{"buster":"0.4.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-1","repositories":{"stretch":"0.3.9-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-1","repositories":{"jessie":"0.3.6-1","jessie-security":"0.3.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.3.6-1","repositories":{"sid":"0.4.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1928":{"debianbug":738509,"scope":"local","description":"The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using \"\\\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.","releases":{"buster":{"fixed_version":"0.3.6-1","repositories":{"buster":"0.4.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-1","repositories":{"stretch":"0.3.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-1","repositories":{"jessie":"0.3.6-1","jessie-security":"0.3.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-1","repositories":{"sid":"0.4.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6690":{"scope":"remote","description":"python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component.","releases":{"buster":{"fixed_version":"0.4.4-1","repositories":{"buster":"0.4.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.3.9-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.3.6-1+deb8u1","repositories":{"jessie":"0.3.6-1","jessie-security":"0.3.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4.4-1","repositories":{"sid":"0.4.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7323":{"debianbug":738509,"scope":"remote","description":"python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.","releases":{"buster":{"fixed_version":"0.3.6-1","repositories":{"buster":"0.4.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-1","repositories":{"stretch":"0.3.9-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-1","repositories":{"jessie":"0.3.6-1","jessie-security":"0.3.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.3.6-1","repositories":{"sid":"0.4.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1929":{"debianbug":738509,"scope":"local","description":"python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to \"option injection through positional arguments.\" NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.","releases":{"buster":{"fixed_version":"0.3.6-1","repositories":{"buster":"0.4.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-1","repositories":{"stretch":"0.3.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-1","repositories":{"jessie":"0.3.6-1","jessie-security":"0.3.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-1","repositories":{"sid":"0.4.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-4058":{"scope":"remote","description":"An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.","releases":{"buster":{"fixed_version":"4.5.1.0-1","repositories":{"buster":"4.5.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.5.0.5-1+deb9u1","repositories":{"stretch-security":"4.5.0.5-1+deb9u1","stretch":"4.5.0.5-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.1.2-1+deb8u1","repositories":{"jessie":"4.2.1.2-1","jessie-security":"4.2.1.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.5.1.0-1","repositories":{"sid":"4.5.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-4059":{"scope":"remote","description":"An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.","releases":{"buster":{"fixed_version":"4.5.1.0-1","repositories":{"buster":"4.5.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.5.0.5-1+deb9u1","repositories":{"stretch-security":"4.5.0.5-1+deb9u1","stretch":"4.5.0.5-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.1.2-1+deb8u1","repositories":{"jessie":"4.2.1.2-1","jessie-security":"4.2.1.2-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.5.1.0-1","repositories":{"sid":"4.5.1.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-4056":{"scope":"remote","description":"An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.","releases":{"buster":{"fixed_version":"4.5.1.0-1","repositories":{"buster":"4.5.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.5.0.5-1+deb9u1","repositories":{"stretch-security":"4.5.0.5-1+deb9u1","stretch":"4.5.0.5-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.1.2-1+deb8u1","repositories":{"jessie":"4.2.1.2-1","jessie-security":"4.2.1.2-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.5.1.0-1","repositories":{"sid":"4.5.1.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8026":{"scope":"remote","description":"Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.2.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.0-2+deb8u1","repositories":{"jessie":"1.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-EA2D06":{"releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.2.5-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.1.0-2+deb8u1","repositories":{"jessie":"1.1.0-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-0706":{"debianbug":304799,"scope":"remote","description":"Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.","releases":{"stretch":{"fixed_version":"1.0.5-5.1","repositories":{"stretch":"1:2.24.4-6.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.5-5.1","repositories":{"jessie":"1:2.24.4-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.5-5.1","repositories":{"sid":"1:2.24.4-6.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0494":{"scope":"remote","description":"Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI.","releases":{"stretch":{"fixed_version":"1.0.1","repositories":{"stretch":"1:2.24.4-6.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1","repositories":{"jessie":"1:2.24.4-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1","repositories":{"sid":"1:2.24.4-6.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10109":{"scope":"remote","description":"Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses \"cardsList\" after the handle has been released through the SCardReleaseContext function.","releases":{"buster":{"fixed_version":"1.8.20-1","repositories":{"buster":"1.8.24-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.20-1","repositories":{"stretch":"1.8.20-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.13-1+deb8u1","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.20-1","repositories":{"sid":"1.8.25-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4531":{"debianbug":607781,"scope":"local","description":"Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.","releases":{"buster":{"fixed_version":"1.5.5-4","repositories":{"buster":"1.8.24-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.5-4","repositories":{"stretch":"1.8.20-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.5-4","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.5-4","repositories":{"sid":"1.8.25-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0407":{"scope":"local","description":"Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.","releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1.8.24-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.4-1","repositories":{"stretch":"1.8.20-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.4-1","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1.8.25-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0533670-BB9FF7":{"debianbug":533670,"releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1.8.24-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.4-1","repositories":{"stretch":"1.8.20-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.4-1","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1.8.25-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-4901":{"scope":"local","description":"The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.24-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.25-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4902":{"scope":"local","description":"Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0407.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.24-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.13-1+deb8u1","jessie-security":"1.8.13-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.25-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6299":{"debianbug":850320,"scope":"remote","description":"The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.3.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.3.2-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.1.33-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.3.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5104":{"debianbug":825553,"scope":"remote","description":"The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.","releases":{"buster":{"fixed_version":"1.0.10-3","repositories":{"buster":"1.1.0~git20181007.07a493a-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.10-3","repositories":{"stretch":"1.0.10-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.9-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.10-3","repositories":{"sid":"1.1.0~git20181007.07a493a-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3120":{"debianbug":334423,"scope":"remote","description":"Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.","releases":{"jessie":{"fixed_version":"2.8.6-16","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"high","status":"resolved"}}}}
{"TEMP-0000000-0D6EB6":{"releases":{"jessie":{"fixed_version":"2.8.8dev.4-1","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-5821":{"debianbug":692443,"scope":"remote","description":"Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.","releases":{"jessie":{"fixed_version":"2.8.8dev.15-1","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-1000211":{"scope":"remote","description":"Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2004-1617":{"debianbug":296340,"scope":"remote","description":"Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme.  NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.","releases":{"jessie":{"fixed_version":"2.8.6-6","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-7234":{"scope":"local","description":"Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.","releases":{"jessie":{"fixed_version":"2.8.7dev4-1","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2810":{"debianbug":594300,"scope":"remote","description":"Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.","releases":{"jessie":{"fixed_version":"2.8.8dev.5-1","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9179":{"debianbug":843258,"scope":"remote","description":"lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.8.9dev1-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-11421":{"debianbug":868705,"scope":"local","description":"gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the \"Bad Taste\" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.","releases":{"stretch":{"fixed_version":"0.9.4-2+deb9u1","repositories":{"stretch":"0.9.4-2+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1386":{"debianbug":776193,"scope":"remote","description":"Directory traversal vulnerability in unshield 1.0-1.","releases":{"buster":{"fixed_version":"1.4-1","repositories":{"buster":"1.4.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4-1","repositories":{"stretch":"1.4.2-1"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.4-1","repositories":{"sid":"1.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11610":{"debianbug":870187,"scope":"remote","description":"The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.","releases":{"buster":{"fixed_version":"3.3.1-1.1","repositories":{"buster":"3.3.5-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.3.1-1+deb9u1","repositories":{"stretch-security":"3.3.1-1+deb9u1","stretch":"3.3.1-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0r1-1+deb8u1","repositories":{"jessie":"3.0r1-1+deb8u1","jessie-security":"3.0r1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.3.1-1.1","repositories":{"sid":"3.3.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0366":{"scope":"remote","description":"lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.","releases":{"buster":{"fixed_version":"2.0.7-2","repositories":{"buster":"2.1.2-16"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.7-2","repositories":{"stretch":"2.1.2-14"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.7-2","repositories":{"jessie":"2.1.2-13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.7-2","repositories":{"sid":"2.1.2-16"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-5111":{"debianbug":606808,"scope":"remote","description":"Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.","releases":{"buster":{"fixed_version":"6.0.2-4","repositories":{"buster":"6.0.2-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.0.2-4","repositories":{"stretch":"6.0.2-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.0.2-4","repositories":{"jessie":"6.0.2-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.0.2-4","repositories":{"sid":"6.0.2-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17969":{"debianbug":888297,"scope":"remote","description":"Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.","releases":{"buster":{"fixed_version":"16.02+dfsg-5","repositories":{"buster":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"16.02+dfsg-3+deb9u1","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.20.1~dfsg.1-4.1+deb8u3","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"16.02+dfsg-5","repositories":{"sid":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9296":{"debianbug":844344,"scope":"remote","description":"A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.","releases":{"buster":{"fixed_version":"16.02+dfsg-2","repositories":{"buster":"16.02+dfsg-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"16.02+dfsg-2","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"16.02+dfsg-2","repositories":{"sid":"16.02+dfsg-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2334":{"debianbug":824160,"scope":"remote","description":"Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.","releases":{"buster":{"fixed_version":"15.14.1+dfsg-2","repositories":{"buster":"16.02+dfsg-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"15.14.1+dfsg-2","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"15.14.1+dfsg-2","repositories":{"sid":"16.02+dfsg-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2335":{"debianbug":824160,"scope":"remote","description":"The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.","releases":{"buster":{"fixed_version":"15.14.1+dfsg-2","repositories":{"buster":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"15.14.1+dfsg-2","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.20.1~dfsg.1-4.1+deb8u2","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"15.14.1+dfsg-2","repositories":{"sid":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-6536":{"scope":"remote","description":"Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).","releases":{"buster":{"fixed_version":"4.57~dfsg.1-1","repositories":{"buster":"16.02+dfsg-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.57~dfsg.1-1","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.57~dfsg.1-1","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.57~dfsg.1-1","repositories":{"sid":"16.02+dfsg-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1038":{"debianbug":774660,"scope":"remote","description":"p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.","releases":{"buster":{"fixed_version":"9.20.1~dfsg.1-4.2","repositories":{"buster":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20.1~dfsg.1-4.2","repositories":{"stretch-security":"16.02+dfsg-3+deb9u1","stretch":"16.02+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.20.1~dfsg.1-4.1+deb8u1","repositories":{"jessie":"9.20.1~dfsg.1-4.1+deb8u3","jessie-security":"9.20.1~dfsg.1-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20.1~dfsg.1-4.2","repositories":{"sid":"16.02+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16849":{"debianbug":912714,"scope":"remote","description":"A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem.","releases":{"buster":{"fixed_version":"7.0.0-2","repositories":{"buster":"7.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-4+deb9u1","repositories":{"stretch":"3.0.0-4+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.0.0-2","repositories":{"sid":"7.0.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-2622":{"scope":"local","description":"An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7.0.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0.0-4+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7.0.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4456":{"scope":"remote","description":"ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.","releases":{"buster":{"fixed_version":"1.8.4+dfsg-1","repositories":{"buster":"2.5.1.10973+dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.4+dfsg-1","repositories":{"stretch":"2.2.4+dfsg-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.7.0~beta1+really1.6.4+dfsg-1+deb8u1","repositories":{"jessie":"1.7.0~beta1+really1.6.4+dfsg-1+deb8u1","jessie-security":"1.7.0~beta1+really1.6.4+dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.4+dfsg-1","repositories":{"sid":"2.5.1.10973+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-7298":{"scope":"remote","description":"ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate.  NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.","releases":{"buster":{"fixed_version":"2.0.0+dfsg-1","repositories":{"buster":"2.5.1.10973+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.0+dfsg-1","repositories":{"stretch":"2.2.4+dfsg-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.0~beta1+really1.6.4+dfsg-1+deb8u1","jessie-security":"1.7.0~beta1+really1.6.4+dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.0+dfsg-1","repositories":{"sid":"2.5.1.10973+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2663":{"debianbug":675445,"scope":"remote","description":"extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets.  NOTE: the CVE-2012-6638 fix makes this issue less relevant.","releases":{"buster":{"repositories":{"buster":"1.8.2-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.6.0+snapshot20161117-6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.21-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.8.2-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-0986":{"scope":"remote","description":"Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.","releases":{"buster":{"fixed_version":"1.2.11-4","repositories":{"buster":"1.8.2-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.11-4","repositories":{"stretch":"1.6.0+snapshot20161117-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.11-4","repositories":{"jessie":"1.4.21-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.11-4","repositories":{"sid":"1.8.2-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10510":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.3.4-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-8979":{"scope":"remote","description":"Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2146":{"debianbug":670919,"scope":"remote","description":"Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.","releases":{"buster":{"fixed_version":"0.7.1-4","repositories":{"buster":"0.7.1-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.7.1-4","repositories":{"stretch":"0.7.1-4"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.7.1-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.7.1-4","repositories":{"sid":"0.7.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-6517":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to phpliteadmin.php.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.9.7.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.9.7.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6518":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.9.7.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.9.7.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10362":{"debianbug":896682,"scope":"remote","description":"An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.","releases":{"buster":{"fixed_version":"1.9.7.1-2","repositories":{"buster":"1.9.7.1-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.7.1-2","repositories":{"sid":"1.9.7.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1002209":{"debianbug":902786,"scope":"remote","description":"QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.","releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"0.7.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.2-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.7-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"0.7.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4334":{"debianbug":606058,"scope":"remote","description":"The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.","releases":{"buster":{"fixed_version":"1.35-1","repositories":{"buster":"2.060-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.35-1","repositories":{"stretch":"2.044-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.35-1","repositories":{"jessie":"2.002-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.35-1","repositories":{"sid":"2.060-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3024":{"scope":"remote","description":"The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.","releases":{"buster":{"fixed_version":"1.30-1","repositories":{"buster":"2.060-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.30-1","repositories":{"stretch":"2.044-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.30-1","repositories":{"jessie":"2.002-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.30-1","repositories":{"sid":"2.060-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0535946-7636B8":{"debianbug":535946,"releases":{"buster":{"fixed_version":"1.26-1","repositories":{"buster":"2.060-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.26-1","repositories":{"stretch":"2.044-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.26-1","repositories":{"jessie":"2.002-2+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.26-1","repositories":{"sid":"2.060-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6401":{"debianbug":738647,"scope":"remote","description":"Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.","releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.12-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6-1","repositories":{"jessie":"2.7-1+deb8u1","jessie-security":"2.7-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.12-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4425":{"debianbug":823238,"scope":"remote","description":"Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.","releases":{"buster":{"fixed_version":"2.7-5","repositories":{"buster":"2.12-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7-5","repositories":{"stretch":"2.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7-1+deb8u1","repositories":{"jessie":"2.7-1+deb8u1","jessie-security":"2.7-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7-5","repositories":{"sid":"2.12-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8605":{"debianbug":840556,"scope":"remote","description":"The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.","releases":{"buster":{"fixed_version":"2.0.13+1-1","repositories":{"buster":"2.0.13+1-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.13+1-1","repositories":{"stretch":"2.0.13+1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.11+1-9+deb8u1","repositories":{"jessie":"2.0.11+1-9+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.13+1-1","repositories":{"sid":"2.0.13+1-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8606":{"debianbug":840555,"scope":"remote","description":"The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.","releases":{"buster":{"fixed_version":"2.0.13+1-1","repositories":{"buster":"2.0.13+1-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.13+1-1","repositories":{"stretch":"2.0.13+1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.11+1-9+deb8u1","repositories":{"jessie":"2.0.11+1-9+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.13+1-1","repositories":{"sid":"2.0.13+1-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-3827":{"debianbug":921816,"scope":"local","description":"An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.","releases":{"buster":{"fixed_version":"1.38.1-3","repositories":{"buster":"1.38.1-3"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.30.4-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.22.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.38.1-3","repositories":{"sid":"1.38.1-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-0001":{"debianbug":566002,"scope":"remote","description":"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.46"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.38"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.33"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.46"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2312":{"scope":"local","description":"The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.4-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-4796":{"scope":"local","description":"Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2p1.4-28.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-0076":{"scope":"local","description":"Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.","releases":{"jessie":{"fixed_version":"3.2p1.4-19","repositories":{"jessie":"3.2p1.4-28.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0039":{"debianbug":737495,"scope":"local","description":"Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.","releases":{"buster":{"fixed_version":"1.6.4-1","repositories":{"buster":"1.6.7-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.4-1","repositories":{"stretch":"1.6.5-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.4-1","repositories":{"jessie":"1.6.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.4-1","repositories":{"sid":"1.6.7-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0853":{"debianbug":798863,"scope":"remote","description":"svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the \"Command Shell\" menu item while in the directory trunk/$(xeyes).","releases":{"buster":{"fixed_version":"1.7.0-1","repositories":{"buster":"1.8.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.0-1","repositories":{"stretch":"1.8.1-1"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.6.8-2.1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.7.0-1","repositories":{"sid":"1.8.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19120":{"debianbug":913595,"scope":"remote","description":"The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.","releases":{"buster":{"fixed_version":"4:18.08.3-1","repositories":{"buster":"4:18.08.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4:16.08.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4:18.08.3-1","repositories":{"sid":"4:18.08.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5946":{"debianbug":856269,"scope":"remote","description":"The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem.","releases":{"buster":{"fixed_version":"1.2.0-1.1","repositories":{"buster":"1.2.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.0-1.1","repositories":{"stretch":"1.2.0-1.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.6-1+deb8u1","repositories":{"jessie":"1.1.6-1+deb8u1","jessie-security":"1.1.6-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.0-1.1","repositories":{"sid":"1.2.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000544":{"debianbug":902720,"scope":"remote","description":"rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames \"../\" to write arbitrary files to the filesystem..","releases":{"buster":{"fixed_version":"1.2.2-1","repositories":{"buster":"1.2.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"repositories":{"stretch":"1.2.0-1.1"},"urgency":"high**","status":"open"},"jessie":{"fixed_version":"1.1.6-1+deb8u2","repositories":{"jessie":"1.1.6-1+deb8u1","jessie-security":"1.1.6-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-1","repositories":{"sid":"1.2.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1293":{"debianbug":469462,"scope":"remote","description":"ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).","releases":{"buster":{"fixed_version":"5.0.40~bzr20071229-1","repositories":{"buster":"5.18.12-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.40~bzr20071229-1","repositories":{"stretch":"5.5.9-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.0.40~bzr20071229-1","repositories":{"jessie":"5.5.4-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.40~bzr20071229-1","repositories":{"sid":"5.18.12-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0633":{"debianbug":669126,"scope":"remote","description":"The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.  NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.","releases":{"buster":{"fixed_version":"6.01-1","repositories":{"buster":"6.36-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.01-1","repositories":{"stretch":"6.15-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.01-1","repositories":{"jessie":"6.08-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.01-1","repositories":{"sid":"6.36-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2253":{"scope":"remote","description":"lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.","releases":{"buster":{"fixed_version":"5.835-1","repositories":{"buster":"6.36-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.835-1","repositories":{"stretch":"6.15-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.835-1","repositories":{"jessie":"6.08-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.835-1","repositories":{"sid":"6.36-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16392":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3972":{"scope":"local","description":"pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the \"OpenSC\" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.","releases":{"buster":{"fixed_version":"0.11.4-5","repositories":{"buster":"0.19.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.11.4-5","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.11.4-5","repositories":{"jessie":"0.14.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.11.4-5","repositories":{"sid":"0.19.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16393":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16391":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1603":{"debianbug":527640,"scope":"remote","description":"src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.","releases":{"buster":{"fixed_version":"0.11.8","repositories":{"buster":"0.19.0-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"0.11.8","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"0.11.8","repositories":{"jessie":"0.14.0-2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"0.11.8","repositories":{"sid":"0.19.0-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2019-6502":{"scope":"remote","description":"sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.","releases":{"buster":{"repositories":{"buster":"0.19.0-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.14.0-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.19.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-2235":{"scope":"local","description":"OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.","releases":{"buster":{"fixed_version":"0.11.4-4","repositories":{"buster":"0.19.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.11.4-4","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.11.4-4","repositories":{"jessie":"0.14.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.11.4-4","repositories":{"sid":"0.19.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0368":{"scope":"local","description":"OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.","releases":{"buster":{"fixed_version":"0.11.7-1","repositories":{"buster":"0.19.0-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.11.7-1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.11.7-1","repositories":{"jessie":"0.14.0-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.11.7-1","repositories":{"sid":"0.19.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-4523":{"debianbug":607427,"scope":"local","description":"Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.","releases":{"buster":{"fixed_version":"0.11.13-1.1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.11.13-1.1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.11.13-1.1","repositories":{"jessie":"0.14.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.11.13-1.1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16419":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16418":{"debianbug":909444,"scope":"local","description":"A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16426":{"debianbug":909444,"scope":"local","description":"Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16427":{"debianbug":909444,"scope":"local","description":"Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16424":{"debianbug":909444,"scope":"local","description":"A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16425":{"debianbug":909444,"scope":"local","description":"A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16422":{"debianbug":909444,"scope":"local","description":"A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16423":{"debianbug":909444,"scope":"local","description":"A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16420":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16421":{"debianbug":909444,"scope":"local","description":"Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.19.0~rc1-1","repositories":{"buster":"0.19.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.16.0-3+deb9u1","repositories":{"stretch":"0.16.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.14.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.19.0~rc1-1","repositories":{"sid":"0.19.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1956":{"scope":"local","description":"ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.","releases":{"buster":{"fixed_version":"1.3.0-1","repositories":{"buster":"1:2.11-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.3.0-1","repositories":{"stretch":"1:2.11-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.3.0-1","repositories":{"jessie":"1:2.11-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.3.0-1","repositories":{"sid":"1:2.11-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-6557":{"scope":"local","description":"The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"10.3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"9.9+deb9u9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"10.3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0834":{"scope":"remote","description":"The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"10.3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"9.9+deb9u9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"10.3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2096":{"debianbug":309196,"scope":"remote","description":"zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.","releases":{"buster":{"fixed_version":"0.4b40-1","repositories":{"buster":"0.4b46-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4b40-1","repositories":{"stretch":"0.4b46-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4b40-1","repositories":{"jessie":"0.4b44-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4b40-1","repositories":{"sid":"0.4b46-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1914":{"scope":"local","description":"dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.","releases":{"buster":{"fixed_version":"0.4b31-1","repositories":{"buster":"0.4b46-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.4b31-1","repositories":{"stretch":"0.4b46-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.4b31-1","repositories":{"jessie":"0.4b44-5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.4b31-1","repositories":{"sid":"0.4b46-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-1609":{"debianbug":780129,"scope":"remote","description":"MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.","releases":{"stretch":{"fixed_version":"1:2.4.10-5","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.10-5","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.4.10-5","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15535":{"scope":"remote","description":"MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:3.4.18-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3104":{"scope":"remote","description":"mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.","releases":{"stretch":{"fixed_version":"1:3.2.11-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:3.2.11-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1892":{"debianbug":704042,"scope":"remote","description":"MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.","releases":{"stretch":{"fixed_version":"1:2.4.1-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.1-1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.4.1-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0833087-C5410D":{"debianbug":833087,"releases":{"stretch":{"fixed_version":"1:2.6.12-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:2.4.10-5+deb8u1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:2.6.12-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-2328":{"scope":"remote","description":"PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","releases":{"stretch":{"repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:3.4.18-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-6619":{"scope":"remote","description":"The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.","releases":{"stretch":{"fixed_version":"1:2.4.1-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.1-1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.4.1-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4650":{"debianbug":715007,"scope":"remote","description":"MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.","releases":{"stretch":{"fixed_version":"1:2.4.5-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.5-1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.4.5-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2327":{"scope":"remote","description":"PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.","releases":{"stretch":{"repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:3.4.18-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3971":{"scope":"remote","description":"The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:3.4.18-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3969":{"debianbug":715007,"scope":"remote","description":"The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.","releases":{"stretch":{"fixed_version":"1:2.4.5-1","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.5-1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.4.5-1","repositories":{"sid":"1:3.4.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6494":{"debianbug":832908,"scope":"local","description":"The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.","releases":{"stretch":{"fixed_version":"1:2.6.12-3","repositories":{"stretch":"1:3.2.11-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:2.4.10-5+deb8u1","repositories":{"jessie":"1:2.4.10-5+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:2.6.12-3","repositories":{"sid":"1:3.4.18-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-0979":{"debianbug":734472,"scope":"local","description":"The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.","releases":{"buster":{"fixed_version":"1.6.1-5","repositories":{"buster":"2.0.6-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.6.1-5","repositories":{"stretch":"2.0.2-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.6.1-5","repositories":{"jessie":"1.8.5-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.6.1-5","repositories":{"sid":"2.0.6-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6050":{"scope":"remote","description":"Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.","releases":{"buster":{"fixed_version":"2.8-1","repositories":{"buster":"2.18-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8-1","repositories":{"stretch":"2.14-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8-1","repositories":{"jessie":"2.8-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8-1","repositories":{"sid":"2.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-2060":{"scope":"remote","description":"Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.18-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.14-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.8-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.18-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11114":{"debianbug":870299,"scope":"remote","description":"The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file.","releases":{"buster":{"fixed_version":"2.14-3","repositories":{"buster":"2.18-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.14-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.8-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-3","repositories":{"sid":"2.18-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3329":{"debianbug":492744,"scope":"remote","description":"Unspecified vulnerability in Links before 2.1, when \"only proxies\" is enabled, has unknown impact and attack vectors related to providing \"URLs to external programs.\"","releases":{"buster":{"fixed_version":"2.1pre37-1.1","repositories":{"buster":"2.18-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1pre37-1.1","repositories":{"stretch":"2.14-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1pre37-1.1","repositories":{"jessie":"2.8-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1pre37-1.1","repositories":{"sid":"2.18-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5925":{"debianbug":399187,"scope":"remote","description":"Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.","releases":{"buster":{"fixed_version":"2.1pre25-2","repositories":{"buster":"2.18-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1pre25-2","repositories":{"stretch":"2.14-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.1pre25-2","repositories":{"jessie":"2.8-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1pre25-2","repositories":{"sid":"2.18-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-6709":{"debianbug":510417,"scope":"remote","description":"ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.","releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.18-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.14-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6-1","repositories":{"jessie":"2.8-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.18-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5207":{"debianbug":445308,"scope":"local","description":"guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.","releases":{"buster":{"fixed_version":"0.27-1.2","repositories":{"buster":"0.36-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.27-1.2","repositories":{"stretch":"0.36-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.27-1.2","repositories":{"jessie":"0.35-1.2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.27-1.2","repositories":{"sid":"0.36-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-4013":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.","releases":{"buster":{"fixed_version":"2.3.2","repositories":{"buster":"2.9.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.2","repositories":{"stretch":"2.5.50.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.2","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.2","repositories":{"sid":"2.13.0"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-4015":{"scope":"remote","description":"Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.","releases":{"buster":{"fixed_version":"2.3.2","repositories":{"buster":"2.9.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.2","repositories":{"stretch":"2.5.50.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.2","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.2","repositories":{"sid":"2.13.0"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-4014":{"scope":"remote","description":"Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.","releases":{"buster":{"fixed_version":"2.3.2","repositories":{"buster":"2.9.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.2","repositories":{"stretch":"2.5.50.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.2","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.2","repositories":{"sid":"2.13.0"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-1429":{"debianbug":705553,"releases":{"buster":{"fixed_version":"2.5.10.5","repositories":{"buster":"2.9.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.5.10.5","repositories":{"stretch":"2.5.50.4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.5.10.5","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5.10.5","repositories":{"sid":"2.13.0"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-58BE54":{"releases":{"buster":{"fixed_version":"2.5.2","repositories":{"buster":"2.9.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.5.2","repositories":{"stretch":"2.5.50.4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.5.2","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5.2","repositories":{"sid":"2.13.0"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-8F74CD":{"releases":{"buster":{"fixed_version":"1.23.28","repositories":{"buster":"2.9.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.23.28","repositories":{"stretch":"2.5.50.4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.23.28","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.23.28","repositories":{"sid":"2.13.0"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1000":{"debianbug":286379,"scope":"local","description":"lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.","releases":{"buster":{"fixed_version":"1.23.6","repositories":{"buster":"2.9.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.23.6","repositories":{"stretch":"2.5.50.4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.23.6","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.23.6","repositories":{"sid":"2.13.0"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-8829":{"debianbug":861958,"scope":"remote","description":"Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.","releases":{"buster":{"fixed_version":"2.5.50.4","repositories":{"buster":"2.9.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.50.4","repositories":{"stretch":"2.5.50.4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.30+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5.50.4","repositories":{"sid":"2.13.0"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5723":{"scope":"local","description":"Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.","releases":{"buster":{"fixed_version":"2.4.3-1","repositories":{"buster":"2.10.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.3-1","repositories":{"stretch":"2.6.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.2-2+deb8u1","repositories":{"jessie":"2.4.2-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.3-1","repositories":{"sid":"2.10.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1014":{"scope":"remote","description":"statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.","releases":{"buster":{"fixed_version":"1:1.0.6-3.1","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.0.6-3.1","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.0.6-3.1","repositories":{"jessie":"1:1.2.8-9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.0.6-3.1","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4552":{"scope":"remote","description":"The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.","releases":{"buster":{"fixed_version":"1:1.1.3-1","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.1.3-1","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.1.3-1","repositories":{"jessie":"1:1.2.8-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.1.3-1","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0154":{"scope":"remote","description":"rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.","releases":{"buster":{"fixed_version":"1:1.0.5-3","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.0.5-3","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.0.5-3","repositories":{"jessie":"1:1.2.8-9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.0.5-3","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1749":{"debianbug":629420,"scope":"local","description":"The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.","releases":{"buster":{"fixed_version":"1:1.2.3-3","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.2.3-3","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.2.3-3","repositories":{"jessie":"1:1.2.8-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.2.3-3","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0946":{"scope":"remote","description":"rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:1.2.8-9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2500":{"debianbug":633155,"scope":"remote","description":"The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.","releases":{"buster":{"fixed_version":"1:1.2.4-1","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.4-1","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.4-1","repositories":{"jessie":"1:1.2.8-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.2.4-1","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1923":{"debianbug":707401,"scope":"remote","description":"rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.","releases":{"buster":{"fixed_version":"1:1.2.8-1","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.2.8-1","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.2.8-1","repositories":{"jessie":"1:1.2.8-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.2.8-1","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0252":{"scope":"remote","description":"Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.","releases":{"buster":{"fixed_version":"1:1.0.3-2","repositories":{"buster":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.0.3-2","repositories":{"stretch":"1:1.3.4-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.0.3-2","repositories":{"jessie":"1:1.2.8-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.0.3-2","repositories":{"sid":"1:1.3.4-2.5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-18197":{"debianbug":891796,"scope":"remote","description":"In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.","releases":{"buster":{"fixed_version":"2.1.0.7-2","repositories":{"buster":"2.1.0.7-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.1.0.7-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.1.0.7-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0.7-2","repositories":{"sid":"2.1.0.7-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-0159":{"debianbug":406628,"scope":"remote","description":"Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.","releases":{"buster":{"fixed_version":"1.3.17-1.1","repositories":{"buster":"1.6.12-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.17-1.1","repositories":{"stretch":"1.6.9-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.17-1.1","repositories":{"jessie":"1.6.2-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.17-1.1","repositories":{"sid":"1.6.12-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-2132":{"debianbug":710597,"scope":"remote","description":"bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an \"invalid DBRef.\"","releases":{"buster":{"fixed_version":"2.5.2-1","repositories":{"buster":"3.7.1-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-1","repositories":{"stretch":"3.4.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-1","repositories":{"jessie":"2.7.2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-1","repositories":{"sid":"3.7.1-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-5060":{"debianbug":650707,"scope":"local","description":"The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.","releases":{"buster":{"fixed_version":"1.005-1","repositories":{"buster":"1.015-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.005-1","repositories":{"stretch":"1.014-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.005-1","repositories":{"jessie":"1.007-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.005-1","repositories":{"sid":"1.015-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-10886":{"scope":"local","description":"** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.","releases":{"buster":{"fixed_version":"1.10.4-1","repositories":{"buster":"1.10.5-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.9.9-1+deb9u1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.9.4-3+deb8u1","repositories":{"jessie":"1.9.4-3","jessie-security":"1.9.4-3+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.10.4-1","repositories":{"sid":"1.10.5-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0904191-9063D5":{"debianbug":904191,"releases":{"buster":{"fixed_version":"1.10.5-1","repositories":{"buster":"1.10.5-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.9.4-3+deb8u2","repositories":{"jessie":"1.9.4-3","jessie-security":"1.9.4-3+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.10.5-1","repositories":{"sid":"1.10.5-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-2018":{"releases":{"buster":{"fixed_version":"7.0.65+dfsg-1","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.0.65+dfsg-1","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.0.65+dfsg-1","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.0.65+dfsg-1","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-5280":{"scope":"remote","description":"Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.","releases":{"buster":{"fixed_version":"7.0.2+dfsg-1","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.0.2+dfsg-1","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.0.2+dfsg-1","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.0.2+dfsg-1","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-2298":{"scope":"remote","description":"Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.","releases":{"buster":{"fixed_version":"7.0.65+dfsg-1","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.0.65+dfsg-1","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.0.65+dfsg-1","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.0.65+dfsg-1","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7386":{"scope":"remote","description":"Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.","releases":{"buster":{"fixed_version":"7.1.10+dfsg-1","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.1.10+dfsg-1","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.1.10+dfsg-1","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.1.10+dfsg-1","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0126":{"debianbug":511521,"scope":"remote","description":"The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.","releases":{"buster":{"fixed_version":"6.2.14-3","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.2.14-3","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.2.14-3","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.2.14-3","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2019":{"scope":"remote","description":"Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.","releases":{"buster":{"fixed_version":"6.13.6+dfsg-1","repositories":{"buster":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.13.6+dfsg-1","repositories":{"stretch":"7.6.33+dfsg-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.13.6+dfsg-1","repositories":{"jessie":"7.4.23+dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.13.6+dfsg-1","repositories":{"sid":"7.14.2+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4347":{"debianbug":329087,"scope":"remote","description":"The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the \"chroot barrier\" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.","releases":{"buster":{"fixed_version":"0.30.208-1","repositories":{"buster":"0.30.216-pre3120-1.4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.30.208-1","repositories":{"stretch":"0.30.216-pre3120-1.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.30.208-1","repositories":{"jessie":"0.30.216-pre3054-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.30.208-1","repositories":{"sid":"0.30.216-pre3120-1.4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1656":{"debianbug":360438,"scope":"local","description":"vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.","releases":{"buster":{"fixed_version":"0.30.210-1","repositories":{"buster":"0.30.216-pre3120-1.4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.30.210-1","repositories":{"stretch":"0.30.216-pre3120-1.4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.30.210-1","repositories":{"jessie":"0.30.216-pre3054-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.30.210-1","repositories":{"sid":"0.30.216-pre3120-1.4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-4418":{"scope":"remote","description":"util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.","releases":{"buster":{"fixed_version":"0.30.208-1","repositories":{"buster":"0.30.216-pre3120-1.4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.30.208-1","repositories":{"stretch":"0.30.216-pre3120-1.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.30.208-1","repositories":{"jessie":"0.30.216-pre3054-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.30.208-1","repositories":{"sid":"0.30.216-pre3120-1.4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"jessie":{"fixed_version":"1.13.0-2","repositories":{"jessie":"1.17.0.dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"jessie":{"fixed_version":"1.13.0-2","repositories":{"jessie":"1.17.0.dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17530":{"scope":"remote","description":"common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"1.9.5-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.9.5-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.9.4-4.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.9.5-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-0061":{"debianbug":667031,"scope":"remote","description":"The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.","releases":{"buster":{"fixed_version":"4.9.1.3-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.9.1.3-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.9.1.3-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.9.1.3-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0060":{"debianbug":667031,"scope":"remote","description":"RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.","releases":{"buster":{"fixed_version":"4.9.1.3-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.9.1.3-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.9.1.3-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.9.1.3-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2096":{"debianbug":309196,"scope":"remote","description":"zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.","releases":{"buster":{"fixed_version":"4.0.4-31.1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.0.4-31.1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.0.4-31.1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.0.4-31.1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3378":{"debianbug":645325,"scope":"remote","description":"RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.","releases":{"buster":{"fixed_version":"4.9.1.2-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.9.1.2-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.9.1.2-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.9.1.2-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-8118":{"debianbug":773101,"scope":"remote","description":"Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"4.11.3-1.1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.11.3-1.1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.11.3-1.1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.11.3-1.1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0815":{"debianbug":667031,"scope":"remote","description":"The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.","releases":{"buster":{"fixed_version":"4.9.1.3-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.9.1.3-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.9.1.3-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.9.1.3-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2059":{"debianbug":584257,"scope":"local","description":"lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.","releases":{"buster":{"fixed_version":"4.8.1-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.8.1-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.1-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-5466":{"debianbug":397076,"scope":"remote","description":"Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.","releases":{"buster":{"fixed_version":"4.4.1-11","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-11","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-11","repositories":{"jessie":"4.11.3-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-11","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2199":{"debianbug":584257,"scope":"local","description":"lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.","releases":{"buster":{"repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-2197":{"debianbug":584257,"scope":"remote","description":"rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.","releases":{"buster":{"fixed_version":"4.8.1-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.8.1-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.8.1-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2198":{"debianbug":584257,"scope":"local","description":"lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.","releases":{"buster":{"repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-6435":{"debianbug":773101,"scope":"remote","description":"Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.","releases":{"buster":{"fixed_version":"4.11.3-1.1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.11.3-1.1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.11.3-1.1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.11.3-1.1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7501":{"scope":"local","description":"It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.","releases":{"buster":{"repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-7500":{"scope":"local","description":"It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.","releases":{"buster":{"repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-4889":{"debianbug":584257,"scope":"local","description":"lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.","releases":{"buster":{"fixed_version":"4.7.0-1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.7.0-1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.7.0-1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.7.0-1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6088":{"debianbug":697375,"scope":"remote","description":"The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package.","releases":{"buster":{"fixed_version":"4.10.1-2.1","repositories":{"buster":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.10.1-2.1","repositories":{"stretch":"4.12.0.2+dfsg1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.10.1-2.1","repositories":{"jessie":"4.11.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.10.1-2.1","repositories":{"sid":"4.14.2.1+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2776":{"scope":"local","description":"Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"3.30.0-6","repositories":{"buster":"3.30.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.30.0-6","repositories":{"stretch":"3.30.0-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.30.0-6","repositories":{"jessie":"3.30.0-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.30.0-6","repositories":{"sid":"3.30.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0579":{"scope":"local","description":"Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.","releases":{"buster":{"fixed_version":"3.23.0-1","repositories":{"buster":"3.30.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.23.0-1","repositories":{"stretch":"3.30.0-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.23.0-1","repositories":{"jessie":"3.30.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.23.0-1","repositories":{"sid":"3.30.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0470":{"scope":"local","description":"super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.","releases":{"buster":{"fixed_version":"3.30.0-7","repositories":{"buster":"3.30.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.30.0-7","repositories":{"stretch":"3.30.0-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.30.0-7","repositories":{"jessie":"3.30.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.30.0-7","repositories":{"sid":"3.30.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-0817":{"scope":"local","description":"Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.","releases":{"buster":{"fixed_version":"3.18.0-3","repositories":{"buster":"3.30.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.18.0-3","repositories":{"stretch":"3.30.0-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.18.0-3","repositories":{"jessie":"3.30.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.18.0-3","repositories":{"sid":"3.30.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7653":{"debianbug":911266,"scope":"remote","description":"The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients.","releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1.5.7-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u2","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u3","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1.5.7-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-7652":{"scope":"remote","description":"In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail.","releases":{"buster":{"fixed_version":"1.4.15-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u2","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u2","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.15-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7651":{"scope":"remote","description":"In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.","releases":{"buster":{"fixed_version":"1.4.15-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u2","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u2","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.15-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7650":{"scope":"remote","description":"In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.","releases":{"buster":{"fixed_version":"1.4.10-3","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.10-3","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9868":{"debianbug":865959,"scope":"local","description":"In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.","releases":{"buster":{"fixed_version":"1.4.14-1","repositories":{"buster":"1.5.7-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u1","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u3","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.4.14-1","repositories":{"sid":"1.5.7-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12546":{"debianbug":921976,"scope":"remote","description":"In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.","releases":{"buster":{"fixed_version":"1.5.6-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u3","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.5.6-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7655":{"scope":"remote","description":"In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library.","releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1.5.7-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1.5.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7654":{"debianbug":911265,"scope":"remote","description":"In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.","releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u2","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u3","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12543":{"scope":"remote","description":"In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.5.7-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12550":{"debianbug":921976,"scope":"remote","description":"When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.","releases":{"buster":{"fixed_version":"1.5.6-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u3","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.5.6-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20145":{"scope":"remote","description":"Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.","releases":{"buster":{"fixed_version":"1.5.5-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.5.5-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12551":{"debianbug":921976,"scope":"remote","description":"When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.","releases":{"buster":{"fixed_version":"1.5.6-1","repositories":{"buster":"1.5.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.10-3+deb9u3","repositories":{"stretch-security":"1.4.10-3+deb9u4","stretch":"1.4.10-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u3"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.5.6-1","repositories":{"sid":"1.5.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7031":{"debianbug":838026,"scope":"remote","description":"The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.","releases":{"buster":{"fixed_version":"10.2.5-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.5-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.80.7-2+deb8u2","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"10.2.5-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9579":{"debianbug":849048,"scope":"remote","description":"A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.","releases":{"buster":{"fixed_version":"10.2.5-2","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.5-2","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.80.7-2+deb8u2","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"10.2.5-2","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7519":{"debianbug":864535,"scope":"local","description":"In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.","releases":{"buster":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"10.2.11-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-3821":{"scope":"remote","description":"A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-16818":{"scope":"remote","description":"RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging \"full\" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-7262":{"scope":"remote","description":"In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5009":{"debianbug":829661,"scope":"remote","description":"The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.","releases":{"buster":{"fixed_version":"10.2.5-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.5-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.80.7-2+deb8u2","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"10.2.5-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16846":{"debianbug":921947,"scope":"remote","description":"It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.","releases":{"buster":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"0.80.7-2+deb8u3","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8626":{"debianbug":844200,"scope":"remote","description":"A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.","releases":{"buster":{"fixed_version":"10.2.5-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.5-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.80.7-2+deb8u2","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"10.2.5-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16889":{"debianbug":918969,"scope":"remote","description":"Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.","releases":{"buster":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1129":{"debianbug":913472,"scope":"remote","description":"A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.","releases":{"buster":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"10.2.11-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Intrusive changes","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-10861":{"debianbug":913470,"scope":"remote","description":"A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.","releases":{"buster":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.11-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Intrusive changes","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1128":{"debianbug":913471,"scope":"remote","description":"It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.","releases":{"buster":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"10.2.11-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Intrusive changes","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"12.2.8+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5245":{"debianbug":798567,"scope":"remote","description":"CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.","releases":{"buster":{"fixed_version":"0.80.10-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.80.10-1","repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.80.7-2+deb8u1","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.80.10-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14662":{"debianbug":921948,"scope":"remote","description":"It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.","releases":{"buster":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"buster":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"10.2.11-2","stretch":"10.2.11-2"},"urgency":"low**","status":"open"},"jessie":{"fixed_version":"0.80.7-2+deb8u3","repositories":{"jessie":"0.80.7-2+deb8u2","jessie-security":"0.80.7-2+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"12.2.11+dfsg1-1","repositories":{"sid":"12.2.11+dfsg1-2.1"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0853951-A77B7B":{"debianbug":853951,"releases":{"buster":{"fixed_version":"2.0-4","repositories":{"buster":"2.4-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0-4","repositories":{"stretch":"2.0-4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0-4","repositories":{"sid":"2.4-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-5228":{"debianbug":797111,"scope":"local","description":"The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.","releases":{"sid":{"fixed_version":"1.8-2","repositories":{"sid":"3.8.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5231":{"debianbug":797110,"scope":"local","description":"The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.","releases":{"sid":{"fixed_version":"1.8-2","repositories":{"sid":"3.8.1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1820":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6136":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2383":{"debianbug":555217,"scope":"remote","description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.0.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-7220":{"debianbug":555217,"scope":"remote","description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","releases":{"jessie":{"fixed_version":"0.2.14+debian-2.2","repositories":{"jessie":"3.4.0.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5376":{"debianbug":509275,"scope":"local","description":"editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.","releases":{"buster":{"fixed_version":"3.7-5","repositories":{"buster":"3.9-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7-5","repositories":{"stretch":"3.9-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7-5","repositories":{"jessie":"3.9-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7-5","repositories":{"sid":"3.9-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0393":{"scope":"local","description":"The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors.","releases":{"buster":{"fixed_version":"3.5-1sarge2","repositories":{"buster":"3.9-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.5-1sarge2","repositories":{"stretch":"3.9-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.5-1sarge2","repositories":{"jessie":"3.9-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.5-1sarge2","repositories":{"sid":"3.9-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0532514-9137E0":{"debianbug":520324,"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.5-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0.5-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.5-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-0012":{"scope":"remote","description":"Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"3.0.5-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch":"3.0.5-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"3.0.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"3.0.5-5"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0560108-565B70":{"debianbug":560108,"releases":{"buster":{"repositories":{"buster":"3.0.5-5"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.5-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.4-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.0.5-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-2294":{"debianbug":535788,"scope":"remote","description":"Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.","releases":{"buster":{"fixed_version":"3.0-1","repositories":{"buster":"3.0.5-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0-1","repositories":{"stretch":"3.0.5-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0-1","repositories":{"jessie":"3.0.4-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0-1","repositories":{"sid":"3.0.5-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2962":{"scope":"local","description":"The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.","releases":{"buster":{"fixed_version":"0.9.9-4","repositories":{"buster":"0.9.9.0.1-11.5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.9-4","repositories":{"stretch":"0.9.9.0.1-11.5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.9-4","repositories":{"jessie":"0.9.9.0.1-11.3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.9-4","repositories":{"sid":"0.9.9.0.1-11.5"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0779573-6C7D15":{"debianbug":779573,"releases":{"buster":{"fixed_version":"2.57+ds-3","repositories":{"buster":"2.67+ds-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.57+ds-3","repositories":{"stretch":"2.66+ds-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.57+ds-3","repositories":{"jessie":"2.57+ds-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.57+ds-3","repositories":{"sid":"2.67+ds-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-1875":{"debianbug":737835,"scope":"local","description":"The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"0.24-1","repositories":{"buster":"0.48-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.24-1","repositories":{"stretch":"0.44-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.24-1","repositories":{"jessie":"0.25-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.24-1","repositories":{"sid":"0.48-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3977":{"debianbug":820526,"scope":"remote","description":"Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.","releases":{"buster":{"fixed_version":"5.1.4-3","repositories":{"buster":"5.1.4-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.1.4-0.4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.1.4-3","repositories":{"sid":"5.1.4-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11490":{"debianbug":904114,"scope":"remote","description":"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain \"Private->RunningCode - 2\" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"5.1.4-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.1.4-0.4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"5.1.4-3"},"urgency":"medium**","status":"open"}}}}
{"CVE-2005-3350":{"debianbug":337972,"scope":"remote","description":"libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"5.1.4-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch":"5.1.4-0.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"5.1.4-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-11489":{"debianbug":904113,"scope":"remote","description":"The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"5.1.4-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.1.4-0.4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"5.1.4-3"},"urgency":"medium**","status":"open"}}}}
{"TEMP-0820594-BC6826":{"debianbug":820594,"releases":{"buster":{"fixed_version":"5.1.4-0.1","repositories":{"buster":"5.1.4-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.1.4-0.1","repositories":{"stretch":"5.1.4-0.4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.1.4-0.1","repositories":{"sid":"5.1.4-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-3177":{"scope":"remote","description":"Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.","releases":{"buster":{"repositories":{"buster":"5.1.4-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"5.1.4-0.4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.1.4-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-2974":{"debianbug":337972,"scope":"remote","description":"libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"5.1.4-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch":"5.1.4-0.4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"5.1.4-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7555":{"debianbug":808704,"scope":"remote","description":"Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.","releases":{"buster":{"fixed_version":"5.1.2-0.1","repositories":{"buster":"5.1.4-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.2-0.1","repositories":{"stretch":"5.1.4-0.4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.6-11+deb8u1","repositories":{"jessie":"4.1.6-11+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.2-0.1","repositories":{"sid":"5.1.4-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13722":{"scope":"local","description":"In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.","releases":{"stretch":{"repositories":{"stretch":"1:1.5.2-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-13720":{"scope":"local","description":"In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\\0' characters are incorrectly skipped in situations involving ? characters.","releases":{"stretch":{"repositories":{"stretch":"1:1.5.2-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-16611":{"debianbug":883929,"scope":"local","description":"In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.","releases":{"stretch":{"repositories":{"stretch":"1:1.5.2-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-1640":{"debianbug":736358,"scope":"local","description":"axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.","releases":{"buster":{"fixed_version":"20120501-17","repositories":{"buster":"20170501-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20120501-17","repositories":{"stretch":"20140801-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"20120501-17","repositories":{"jessie":"20140801-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20120501-17","repositories":{"sid":"20170501-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"2.4.0b-5","repositories":{"buster":"2.15.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.0b-5","repositories":{"stretch":"2.11.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.0b-5","repositories":{"jessie":"2.8.0b-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.0b-5","repositories":{"sid":"2.15.1-5"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0361913-F8E45A":{"debianbug":361913,"releases":{"buster":{"fixed_version":"1.3.5-1","repositories":{"buster":"3.12.0-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.3.5-1","repositories":{"stretch":"3.6.1-3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.3.5-1","repositories":{"jessie":"3.6.1-2.4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.3.5-1","repositories":{"sid":"3.12.0-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-3656":{"scope":"remote","description":"Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.","releases":{"buster":{"fixed_version":"2.0.2b1-7","repositories":{"buster":"2.0.3-6.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.2b1-7","repositories":{"stretch":"2.0.3-6.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.2b1-7","repositories":{"jessie":"2.0.3-6.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.2b1-7","repositories":{"sid":"2.0.3-6.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10689":{"debianbug":897695,"scope":"remote","description":"blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.","releases":{"buster":{"fixed_version":"1.2.0-1","repositories":{"buster":"1.2.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0-2+deb9u1","repositories":{"stretch":"1.1.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-1+deb8u1","repositories":{"jessie":"1.0.5-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0-1","repositories":{"sid":"1.2.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2383":{"debianbug":555217,"scope":"remote","description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.9.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.9.0-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.0-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.9.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-7220":{"debianbug":555217,"scope":"remote","description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","releases":{"buster":{"fixed_version":"1.8.3-1","repositories":{"buster":"1.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.3-1","repositories":{"stretch":"1.9.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.3-1","repositories":{"jessie":"1.9.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.3-1","repositories":{"sid":"1.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2094":{"debianbug":739958,"scope":"local","description":"Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.4.7-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.2.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.2.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.4.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2095":{"debianbug":739958,"scope":"local","description":"Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.4.7-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.2.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.2.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.4.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2093":{"debianbug":739958,"scope":"local","description":"Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.4.7-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.2.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.2.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.4.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2096":{"debianbug":739958,"scope":"local","description":"Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.4.7-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.2.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.2.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.4.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-0209":{"scope":"local","description":"Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.","releases":{"buster":{"fixed_version":"1:1.4.7-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.7-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.7-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.7-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3739":{"scope":"local","description":"Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:1.2.2-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.2-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.2-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.2.2-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0211":{"scope":"remote","description":"Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1:1.4.7-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.4.7-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:1.4.7-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.4.7-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0210":{"scope":"remote","description":"Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.","releases":{"buster":{"fixed_version":"1:1.4.7-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.4.7-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:1.4.7-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.4.7-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6462":{"scope":"remote","description":"Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.","releases":{"buster":{"fixed_version":"1:1.4.7-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.7-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.7-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.4.7-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2895":{"scope":"remote","description":"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.","releases":{"buster":{"fixed_version":"1:1.4.4-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.4-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.4-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.4.4-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3467":{"debianbug":379920,"scope":"remote","description":"Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.","releases":{"buster":{"fixed_version":"1:1.2.0-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.0-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.0-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.0-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3740":{"scope":"local","description":"Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.","releases":{"buster":{"fixed_version":"1:1.2.2-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.2-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.2-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.2.2-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-13722":{"scope":"local","description":"In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.","releases":{"buster":{"fixed_version":"1:2.0.1-4","repositories":{"buster":"1:2.0.3-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.1-3+deb9u1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.5.1-1+deb8u1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:2.0.1-4","repositories":{"sid":"1:2.0.3-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13720":{"scope":"local","description":"In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\\0' characters are incorrectly skipped in situations involving ? characters.","releases":{"buster":{"fixed_version":"1:2.0.1-4","repositories":{"buster":"1:2.0.3-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.1-3+deb9u1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.5.1-1+deb8u1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:2.0.1-4","repositories":{"sid":"1:2.0.3-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2008-0006":{"scope":"remote","description":"Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.","releases":{"buster":{"fixed_version":"1:1.3.1-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.3.1-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.3.1-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.3.1-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1803":{"scope":"remote","description":"The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.","releases":{"buster":{"fixed_version":"1:1.5.1-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.5.1-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.5.1-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.5.1-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1804":{"scope":"remote","description":"The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.","releases":{"buster":{"fixed_version":"1:1.5.1-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.5.1-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.5.1-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.5.1-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1802":{"scope":"remote","description":"The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.","releases":{"buster":{"fixed_version":"1:1.5.1-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.5.1-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.5.1-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.5.1-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1351":{"debianbug":426771,"scope":"remote","description":"Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.","releases":{"buster":{"fixed_version":"1:1.2.2-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.2-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.2-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.2-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-16611":{"debianbug":883929,"scope":"local","description":"In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.","releases":{"buster":{"fixed_version":"1:2.0.3-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:2.0.3-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5199":{"scope":"remote","description":"A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.","releases":{"buster":{"fixed_version":"1:1.3.2-1","repositories":{"buster":"1:2.0.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.3.2-1","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.3.2-1","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.3.2-1","repositories":{"sid":"1:2.0.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1352":{"scope":"remote","description":"Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.","releases":{"buster":{"fixed_version":"1:1.2.2-2","repositories":{"buster":"1:2.0.3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.2-2","repositories":{"stretch-security":"1:2.0.1-3+deb9u1","stretch":"1:2.0.1-3+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.2-2","repositories":{"jessie":"1:1.5.1-1+deb8u1","jessie-security":"1:1.5.1-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.2-2","repositories":{"sid":"1:2.0.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-2167":{"scope":"remote","description":"Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.","releases":{"buster":{"fixed_version":"1.9.16","repositories":{"buster":"2.3.16-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.16","repositories":{"stretch":"2.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.9.16","repositories":{"jessie":"2.3.8-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.16","repositories":{"sid":"2.3.16-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8106":{"debianbug":805398,"scope":"remote","description":"Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \\keywords command in a crafted TeX file.","releases":{"buster":{"fixed_version":"2.3.10-1","repositories":{"buster":"2.3.16-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.3.10-1","repositories":{"stretch":"2.3.10-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.3.8-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.3.10-1","repositories":{"sid":"2.3.16-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9888":{"scope":"remote","description":"An error within the \"tar_directory_for_file()\" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.","releases":{"buster":{"fixed_version":"1.14.41-1","repositories":{"buster":"1.14.45-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.14.41-1","repositories":{"stretch":"1.14.41-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.14.30-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.14.41-1","repositories":{"sid":"1.14.45-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4514":{"scope":"remote","description":"Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.","releases":{"buster":{"fixed_version":"1.14.2-1","repositories":{"buster":"1.14.45-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.14.2-1","repositories":{"stretch":"1.14.41-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.14.2-1","repositories":{"jessie":"1.14.30-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.14.2-1","repositories":{"sid":"1.14.45-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-7299":{"debianbug":735881,"scope":"remote","description":"framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \\n instead of \\r\\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.2.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.2.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.1-3"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0548909-2413C6":{"debianbug":548909,"releases":{"buster":{"fixed_version":"4.2~beta1-1","repositories":{"buster":"4.8-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2~beta1-1","repositories":{"stretch":"4.7-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2~beta1-1","repositories":{"jessie":"4.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2~beta1-1","repositories":{"sid":"4.8-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3618":{"debianbug":760443,"scope":"remote","description":"Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to \"unbalanced quotes.\"","releases":{"buster":{"fixed_version":"3.22-22","repositories":{"buster":"3.22-26"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.22-22","repositories":{"stretch-security":"3.22-25+deb9u1","stretch":"3.22-25+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.22-22","repositories":{"jessie":"3.22-24+deb8u1","jessie-security":"3.22-24+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.22-22","repositories":{"sid":"3.22-26"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-16844":{"debianbug":876511,"scope":"remote","description":"Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.","releases":{"buster":{"fixed_version":"3.22-26","repositories":{"buster":"3.22-26"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.22-25+deb9u1","repositories":{"stretch-security":"3.22-25+deb9u1","stretch":"3.22-25+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.22-24+deb8u1","repositories":{"jessie":"3.22-24+deb8u1","jessie-security":"3.22-24+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.22-26","repositories":{"sid":"3.22-26"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0769937-FD49EE":{"debianbug":769937,"releases":{"buster":{"fixed_version":"3.22-24","repositories":{"buster":"3.22-26"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.22-24","repositories":{"stretch-security":"3.22-25+deb9u1","stretch":"3.22-25+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.22-24","repositories":{"jessie":"3.22-24+deb8u1","jessie-security":"3.22-24+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.22-24","repositories":{"sid":"3.22-26"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-8156":{"scope":"local","description":"The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.","releases":{"stretch":{"fixed_version":"0.12.0-4","repositories":{"stretch":"0.12.0-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.12.0-4","repositories":{"jessie":"0.12.0-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0862":{"debianbug":672381,"scope":"remote","description":"builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.","releases":{"buster":{"fixed_version":"1:2.3.14-7.1","repositories":{"buster":"1:2.3.15.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.3.14-7.1","repositories":{"stretch":"1:2.3.15-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.3.14-7.1","repositories":{"jessie":"1:2.3.15-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.3.14-7.1","repositories":{"sid":"1:2.3.15.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4342":{"debianbug":324678,"scope":"remote","description":"xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.","releases":{"buster":{"fixed_version":"1:2.3.15-2","repositories":{"buster":"1:2.3.15.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.3.15-2","repositories":{"stretch":"1:2.3.15-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.3.15-2","repositories":{"jessie":"1:2.3.15-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.3.15-2","repositories":{"sid":"1:2.3.15.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0211":{"scope":"remote","description":"Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.","releases":{"buster":{"fixed_version":"1:2.3.11","repositories":{"buster":"1:2.3.15.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.3.11","repositories":{"stretch":"1:2.3.15-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.3.11","repositories":{"jessie":"1:2.3.15-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.3.11","repositories":{"sid":"1:2.3.15.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0871":{"scope":"local","description":"xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.","releases":{"buster":{"fixed_version":"1:2.3.7-1","repositories":{"buster":"1:2.3.15.3-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:2.3.7-1","repositories":{"stretch":"1:2.3.15-7"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:2.3.7-1","repositories":{"jessie":"1:2.3.15-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:2.3.7-1","repositories":{"sid":"1:2.3.15.3-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2003-0251":{"scope":"remote","description":"ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.","releases":{"buster":{"fixed_version":"3.11","repositories":{"buster":"3.17.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.11","repositories":{"stretch":"3.17.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.11","repositories":{"jessie":"3.17-33"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.11","repositories":{"sid":"3.17.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1232":{"scope":"remote","description":"Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.","releases":{"buster":{"fixed_version":"3.9-6.2","repositories":{"buster":"3.17.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.9-6.2","repositories":{"stretch":"3.17.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.9-6.2","repositories":{"jessie":"3.17-33"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.9-6.2","repositories":{"sid":"3.17.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0978":{"debianbug":734745,"scope":"remote","description":"Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.","releases":{"buster":{"fixed_version":"2.26.3-16","repositories":{"buster":"2.40.1-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.26.3-16","repositories":{"stretch":"2.38.0-17"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.26.3-16","repositories":{"jessie":"2.38.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.26.3-16","repositories":{"sid":"2.40.1-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4555":{"scope":"remote","description":"Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.","releases":{"buster":{"fixed_version":"2.20.2-3","repositories":{"buster":"2.40.1-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.20.2-3","repositories":{"stretch":"2.38.0-17"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.20.2-3","repositories":{"jessie":"2.38.0-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.20.2-3","repositories":{"sid":"2.40.1-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9904":{"debianbug":925284,"scope":"remote","description":"An issue was discovered in lib\\cdt\\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\\cgraph\\graph.c in libcgraph.a, related to agfstsubg in lib\\cgraph\\subg.c.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.40.1-6"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.38.0-17"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.38.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.40.1-6"},"urgency":"low","status":"open"}}}}
{"CVE-2014-9157":{"debianbug":772648,"scope":"remote","description":"Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.","releases":{"buster":{"fixed_version":"2.38.0-7","repositories":{"buster":"2.40.1-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.38.0-7","repositories":{"stretch":"2.38.0-17"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.38.0-7","repositories":{"jessie":"2.38.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.38.0-7","repositories":{"sid":"2.40.1-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11023":{"debianbug":926724,"scope":"remote","description":"The agroot() function in cgraph\\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.","releases":{"buster":{"repositories":{"buster":"2.40.1-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.38.0-17"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.38.0-7"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.40.1-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-10196":{"debianbug":898841,"scope":"remote","description":"NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.","releases":{"buster":{"fixed_version":"2.40.1-6","repositories":{"buster":"2.40.1-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.38.0-17"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.38.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.40.1-6","repositories":{"sid":"2.40.1-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1236":{"debianbug":734745,"scope":"remote","description":"Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a \"badly formed number\" and a \"long digit list.\"","releases":{"buster":{"fixed_version":"2.26.3-16.1","repositories":{"buster":"2.40.1-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.26.3-16.1","repositories":{"stretch":"2.38.0-17"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.26.3-16.1","repositories":{"jessie":"2.38.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.26.3-16.1","repositories":{"sid":"2.40.1-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1235":{"debianbug":734745,"scope":"remote","description":"Stack-based buffer overflow in the \"yyerror\" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.","releases":{"buster":{"fixed_version":"2.26.3-16.1","repositories":{"buster":"2.40.1-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.26.3-16.1","repositories":{"stretch":"2.38.0-17"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.26.3-16.1","repositories":{"jessie":"2.38.0-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.26.3-16.1","repositories":{"sid":"2.40.1-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"2.26.3-14","repositories":{"buster":"2.40.1-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.26.3-14","repositories":{"stretch":"2.38.0-17"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.26.3-14","repositories":{"jessie":"2.38.0-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.26.3-14","repositories":{"sid":"2.40.1-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4803":{"debianbug":336985,"scope":"local","description":"graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.  NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues.  This is the correct identifier.","releases":{"buster":{"fixed_version":"2.2.1-1sarge1","repositories":{"buster":"2.40.1-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1sarge1","repositories":{"stretch":"2.38.0-17"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1sarge1","repositories":{"jessie":"2.38.0-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.1-1sarge1","repositories":{"sid":"2.40.1-6"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0412618-38583E":{"debianbug":412618,"releases":{"buster":{"fixed_version":"2.2.3.dfsg.1-2","repositories":{"buster":"2.2.3.dfsg.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.3.dfsg.1-2","repositories":{"stretch":"2.2.3.dfsg.1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.3.dfsg.1-2","repositories":{"jessie":"2.2.3.dfsg.1-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.3.dfsg.1-2","repositories":{"sid":"2.2.3.dfsg.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1078":{"scope":"local","description":"expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file.  NOTE: this is the same issue as CVE-2003-0308.1.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"6.2+rc20110530-3.2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.2+rc20110530-3.2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5078":{"debianbug":506261,"scope":"remote","description":"Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.","releases":{"buster":{"fixed_version":"1.6.4-13","repositories":{"buster":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-13","repositories":{"stretch":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-13","repositories":{"jessie":"1.6.5.90-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4-13","repositories":{"sid":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3863":{"debianbug":506261,"scope":"remote","description":"Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.","releases":{"buster":{"fixed_version":"1.6.4-13","repositories":{"buster":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-13","repositories":{"stretch":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-13","repositories":{"jessie":"1.6.5.90-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.4-13","repositories":{"sid":"1.6.5.90-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4306":{"debianbug":506261,"scope":"remote","description":"Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.","releases":{"buster":{"fixed_version":"1.6.4-13","repositories":{"buster":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-13","repositories":{"stretch":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-13","repositories":{"jessie":"1.6.5.90-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.4-13","repositories":{"sid":"1.6.5.90-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1186":{"scope":"remote","description":"Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).","releases":{"buster":{"fixed_version":"1.6.4-6","repositories":{"buster":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-6","repositories":{"stretch":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-6","repositories":{"jessie":"1.6.5.90-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4-6","repositories":{"sid":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1185":{"scope":"remote","description":"Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.","releases":{"buster":{"fixed_version":"1.6.4-6","repositories":{"buster":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-6","repositories":{"stretch":"1.6.5.90-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-6","repositories":{"jessie":"1.6.5.90-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.4-6","repositories":{"sid":"1.6.5.90-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1184":{"scope":"local","description":"The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.","releases":{"buster":{"fixed_version":"1.6.4-6","repositories":{"buster":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-6","repositories":{"stretch":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.4-6","repositories":{"jessie":"1.6.5.90-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4-6","repositories":{"sid":"1.6.5.90-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2767":{"debianbug":644169,"scope":"remote","description":"mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.","releases":{"buster":{"fixed_version":"2.0.10-3","repositories":{"buster":"2.0.10-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.10-2+deb9u1","repositories":{"stretch":"2.0.10-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.9~1624218-2+deb8u3","repositories":{"jessie":"2.0.9~1624218-2+deb8u2","jessie-security":"2.0.9~1624218-2+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.10-3","repositories":{"sid":"2.0.10-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0796":{"debianbug":567635,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.","releases":{"buster":{"fixed_version":"2.0.4-6","repositories":{"buster":"2.0.10-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.4-6","repositories":{"stretch":"2.0.10-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.4-6","repositories":{"jessie":"2.0.9~1624218-2+deb8u2","jessie-security":"2.0.9~1624218-2+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.4-6","repositories":{"sid":"2.0.10-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1349":{"debianbug":433549,"scope":"remote","description":"PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.","releases":{"buster":{"fixed_version":"2.0.2-5","repositories":{"buster":"2.0.10-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.2-5","repositories":{"stretch":"2.0.10-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.2-5","repositories":{"jessie":"2.0.9~1624218-2+deb8u2","jessie-security":"2.0.9~1624218-2+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.2-5","repositories":{"sid":"2.0.10-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7546":{"scope":"remote","description":"The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.","releases":{"buster":{"fixed_version":"3.0.0-1","repositories":{"buster":"5.2.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-1","repositories":{"stretch":"4.9.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Too intrusive to backport, needs to switch to different token provider","repositories":{"jessie":"1.0.0-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.0.0-1","repositories":{"sid":"5.2.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7144":{"debianbug":762748,"scope":"remote","description":"OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.","releases":{"buster":{"fixed_version":"1.0.0-3","repositories":{"buster":"5.2.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-3","repositories":{"stretch":"4.9.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-3","repositories":{"jessie":"1.0.0-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0-3","repositories":{"sid":"5.2.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1852":{"debianbug":783164,"scope":"remote","description":"The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.","releases":{"buster":{"fixed_version":"1.5.0-2","repositories":{"buster":"5.2.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.0-2","repositories":{"stretch":"4.9.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-3+deb8u1","repositories":{"jessie":"1.0.0-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.0-2","repositories":{"sid":"5.2.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2412":{"scope":"remote","description":"Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.3.8-1","repositories":{"buster":"1.6.5-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.8-1","repositories":{"stretch":"1.5.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.8-1","repositories":{"jessie":"1.5.1-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.8-1","repositories":{"sid":"1.6.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2699":{"scope":"remote","description":"The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.6.5-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.6.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0840":{"debianbug":655435,"scope":"remote","description":"tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.","releases":{"buster":{"fixed_version":"1.4.6-1","repositories":{"buster":"1.6.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.6-1","repositories":{"stretch":"1.5.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.6-1","repositories":{"jessie":"1.5.1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.6-1","repositories":{"sid":"1.6.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1928":{"debianbug":627182,"scope":"remote","description":"The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used.  NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.","releases":{"buster":{"fixed_version":"1.4.5-1","repositories":{"buster":"1.6.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.5-1","repositories":{"stretch":"1.5.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.5-1","repositories":{"jessie":"1.5.1-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.5-1","repositories":{"sid":"1.6.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0419":{"scope":"remote","description":"Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1.6.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch":"1.5.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"1.5.1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1.6.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12613":{"debianbug":879708,"scope":"local","description":"When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"1.6.5-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.5.2-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5.1-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"1.6.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3634":{"scope":"remote","description":"methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.","releases":{"buster":{"fixed_version":"0.8.11","repositories":{"buster":"1.8.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.11","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.11","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.11","repositories":{"sid":"1.8.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3587":{"scope":"remote","description":"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.","releases":{"buster":{"fixed_version":"0.7.25","repositories":{"buster":"1.8.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.7.25","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.7.25","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.7.25","repositories":{"sid":"1.8.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1051":{"scope":"remote","description":"apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.","releases":{"buster":{"fixed_version":"0.9.7.8","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7.8","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7.8","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7.8","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3462":{"scope":"remote","description":"Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.","releases":{"buster":{"fixed_version":"1.8.0~alpha3.1","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.9","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.9.8.5","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.0~alpha3.1","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1358":{"debianbug":433091,"scope":"remote","description":"apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.","releases":{"buster":{"fixed_version":"0.7.21","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.7.21","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.7.21","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.7.21","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0488":{"scope":"remote","description":"APT before 1.0.9 does not \"invalidate repository data\" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.","releases":{"buster":{"fixed_version":"1.0.9","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.9","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.9","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.9","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3374":{"debianbug":642480,"releases":{"buster":{"repositories":{"buster":"1.8.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.8.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-0487":{"scope":"remote","description":"APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.","releases":{"buster":{"fixed_version":"1.0.9","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.9","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.9","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.9","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7206":{"debianbug":763780,"scope":"local","description":"The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.","releases":{"buster":{"fixed_version":"1.0.9.2","repositories":{"buster":"1.8.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.9.2","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.9.2","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.9.2","repositories":{"sid":"1.8.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-1252":{"scope":"remote","description":"The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.","releases":{"buster":{"fixed_version":"1.4~beta2","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4~beta2","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.9.8.4","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4~beta2","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0478":{"debianbug":749795,"scope":"remote","description":"APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.","releases":{"buster":{"fixed_version":"1.0.4","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.4","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0489":{"scope":"remote","description":"APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.","releases":{"buster":{"fixed_version":"1.0.9","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.9","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.9","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.9","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0954":{"scope":"remote","description":"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.","releases":{"buster":{"fixed_version":"0.7.25","repositories":{"buster":"1.8.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.7.25","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.7.25","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.7.25","repositories":{"sid":"1.8.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6273":{"scope":"remote","description":"Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.","releases":{"buster":{"fixed_version":"1.0.3","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.3","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.3","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.3","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0490":{"scope":"remote","description":"The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.","releases":{"buster":{"fixed_version":"0.9.12","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.12","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.12","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.12","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1300":{"debianbug":523213,"scope":"remote","description":"apt 0.7.20 does not check when the date command returns an \"invalid date\" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.","releases":{"buster":{"fixed_version":"0.7.21","repositories":{"buster":"1.8.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.7.21","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.7.21","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.7.21","repositories":{"sid":"1.8.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0214":{"scope":"remote","description":"The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.","releases":{"buster":{"fixed_version":"0.8.15.10","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.15.10","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.15.10","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.15.10","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0961":{"debianbug":695832,"scope":"local","description":"Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.","releases":{"buster":{"fixed_version":"0.9.7.7","repositories":{"buster":"1.8.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.7.7","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.7.7","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.7.7","repositories":{"sid":"1.8.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-1829":{"scope":"remote","description":"APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.","releases":{"buster":{"fixed_version":"0.8.15.2","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.15.2","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.15.2","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.15.2","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0501":{"scope":"remote","description":"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.","releases":{"buster":{"fixed_version":"1.6.4","repositories":{"buster":"1.8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.4.9","stretch":"1.4.9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.9.8.4","jessie-security":"1.0.9.8.5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.4","repositories":{"sid":"1.8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4533":{"debianbug":606962,"releases":{"buster":{"fixed_version":"6.3.4-1","repositories":{"buster":"7.2.3+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.3.4-1","repositories":{"stretch":"7.0.12+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.3.4-1","repositories":{"jessie":"6.3.4-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.3.4-1","repositories":{"sid":"7.2.3+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4532":{"debianbug":603450,"releases":{"buster":{"fixed_version":"6.3.2~rc3-2","repositories":{"buster":"7.2.3+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.3.2~rc3-2","repositories":{"stretch":"7.0.12+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.3.2~rc3-2","repositories":{"jessie":"6.3.4-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.3.2~rc3-2","repositories":{"sid":"7.2.3+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4303":{"debianbug":827116,"scope":"remote","description":"The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.1.3-1","repositories":{"buster":"3.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.3-1","repositories":{"stretch":"3.1.3-1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.7-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.1.3-1","repositories":{"sid":"3.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10173":{"debianbug":853075,"scope":"remote","description":"Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.","releases":{"jessie":{"fixed_version":"0.5.2-2+deb8u1","repositories":{"jessie":"0.5.2-2+deb8u1","jessie-security":"0.5.2-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4114":{"debianbug":716718,"scope":"remote","description":"The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.","releases":{"buster":{"fixed_version":"0.9.9-2","repositories":{"buster":"3.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.9-2","repositories":{"stretch":"2.0.1-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.9-2","repositories":{"jessie":"1.0.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.9-2","repositories":{"sid":"3.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0497452-F45308":{"debianbug":497452,"releases":{"buster":{"fixed_version":"1.5.7-5","repositories":{"buster":"1.6.17-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.5.7-5","repositories":{"stretch":"1.6.15-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.5.7-5","repositories":{"sid":"1.6.17-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2003-0949":{"scope":"local","description":"xsok 1.02 does not properly drop privileges before finding and executing the \"gunzip\" program, which allows local users to execute arbitrary commands.","releases":{"buster":{"fixed_version":"1.02-11","repositories":{"buster":"1.02-19"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.02-11","repositories":{"stretch":"1.02-17.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.02-11","repositories":{"jessie":"1.02-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.02-11","repositories":{"sid":"1.02-19"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0074":{"scope":"local","description":"Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.02-19"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.02-17.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.02-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.02-19"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-18342":{"debianbug":902878,"scope":"remote","description":"In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.","releases":{"buster":{"repositories":{"buster":"3.13-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.12-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.11-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.13-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9130":{"debianbug":771365,"scope":"remote","description":"scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.","releases":{"buster":{"fixed_version":"3.11-2","repositories":{"buster":"3.13-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.11-2","repositories":{"stretch":"3.12-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.11-2","repositories":{"jessie":"3.11-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.11-2","repositories":{"sid":"3.13-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2675":{"debianbug":780101,"scope":"remote","description":"The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.","releases":{"buster":{"fixed_version":"0.7.92-3","repositories":{"buster":"0.8.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.92-3","repositories":{"stretch":"0.8.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.92-3","repositories":{"jessie":"0.7.92-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.92-3","repositories":{"sid":"0.8.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5576":{"debianbug":693977,"scope":"remote","description":"Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.","releases":{"buster":{"fixed_version":"2.8.2-2","repositories":{"buster":"2.10.8-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.8.2-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.8.2-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.8.2-2","repositories":{"sid":"2.10.8-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4245":{"scope":"remote","description":"The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.","releases":{"buster":{"repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-3236":{"scope":"remote","description":"fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.","releases":{"buster":{"fixed_version":"2.8.2-1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.2-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.2-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.2-1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2763":{"scope":"remote","description":"Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.","releases":{"buster":{"fixed_version":"2.8.0-1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.0-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.0-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.0-1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3909":{"debianbug":556750,"scope":"remote","description":"Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.6.7-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.7-1.1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.7-1.1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.7-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-4519":{"scope":"remote","description":"Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.","releases":{"buster":{"fixed_version":"2.2.16-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.16-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.16-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.16-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-4994":{"debianbug":828179,"scope":"remote","description":"Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.","releases":{"buster":{"fixed_version":"2.8.16-2.2","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.16-2.2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.16-2.2","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2949":{"scope":"remote","description":"Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.","releases":{"buster":{"fixed_version":"2.2.16-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.16-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.16-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.16-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-2896":{"debianbug":643753,"scope":"remote","description":"The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.","releases":{"buster":{"fixed_version":"2.6.11-5","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.11-5","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.11-5","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.11-5","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3404":{"debianbug":377049,"scope":"remote","description":"Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.","releases":{"buster":{"fixed_version":"2.2.11-3.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.11-3.1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.11-3.1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.11-3.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-1782":{"debianbug":629830,"scope":"remote","description":"Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.","releases":{"buster":{"fixed_version":"2.6.11-3","repositories":{"buster":"2.10.8-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.11-3","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.11-3","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.11-3","repositories":{"sid":"2.10.8-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17785":{"debianbug":884836,"scope":"remote","description":"In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17786":{"debianbug":884862,"scope":"remote","description":"In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17787":{"debianbug":884927,"scope":"remote","description":"In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17788":{"debianbug":885347,"scope":"remote","description":"In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\\0' character after the version string.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17789":{"debianbug":884837,"scope":"remote","description":"In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3403":{"debianbug":685397,"scope":"remote","description":"Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an \"invalid free.\"","releases":{"buster":{"fixed_version":"2.8.2-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.2-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.2-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.2-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3402":{"scope":"remote","description":"Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.","releases":{"buster":{"fixed_version":"2.4.0~rc1-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0~rc1-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0~rc1-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0~rc1-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17784":{"debianbug":884925,"scope":"remote","description":"In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.","releases":{"buster":{"fixed_version":"2.8.20-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.18-1+deb9u1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1+deb8u2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.20-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1178":{"scope":"remote","description":"Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.6.10-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.10-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.10-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.10-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4543":{"debianbug":608497,"scope":"remote","description":"Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.6.11-2","repositories":{"buster":"2.10.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.11-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.11-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.11-2","repositories":{"sid":"2.10.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1570":{"debianbug":555929,"scope":"remote","description":"Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.6.7-1.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.7-1.1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.7-1.1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.7-1.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-4542":{"debianbug":608497,"scope":"remote","description":"Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.  NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.6.11-2","repositories":{"buster":"2.10.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.11-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.11-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.11-2","repositories":{"sid":"2.10.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4541":{"debianbug":608497,"scope":"remote","description":"Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long \"Number of lights\" field in a plugin configuration file.  NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.","releases":{"buster":{"fixed_version":"2.6.11-2","repositories":{"buster":"2.10.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.11-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.11-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.11-2","repositories":{"sid":"2.10.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4540":{"debianbug":608497,"scope":"remote","description":"Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the \"LIGHTING EFFECTS > LIGHT\" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file.  NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.6.11-2","repositories":{"buster":"2.10.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.11-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.11-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.11-2","repositories":{"sid":"2.10.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12713":{"scope":"remote","description":"GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.","releases":{"buster":{"repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-1913":{"debianbug":731305,"scope":"remote","description":"Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.","releases":{"buster":{"fixed_version":"2.8.10-0.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.10-0.1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.10-0.1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.10-0.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3481":{"debianbug":685397,"scope":"remote","description":"Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.8.2-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.2-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.2-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.2-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3126":{"debianbug":885382,"scope":"remote","description":"Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.","releases":{"buster":{"fixed_version":"2.8.22-1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.8.22-1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3741":{"scope":"remote","description":"The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.","releases":{"buster":{"fixed_version":"2.2.17-1","repositories":{"buster":"2.10.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.2.17-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.2.17-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.2.17-1","repositories":{"sid":"2.10.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2356":{"scope":"remote","description":"Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.","releases":{"buster":{"fixed_version":"2.2.14-2","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.14-2","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.14-2","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.14-2","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1953":{"debianbug":742873,"scope":"remote","description":"Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.6.10-1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.10-1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.10-1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.10-1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1978":{"debianbug":731305,"scope":"remote","description":"Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.","releases":{"buster":{"fixed_version":"2.8.10-0.1","repositories":{"buster":"2.10.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.10-0.1","repositories":{"stretch-security":"2.8.18-1+deb9u1","stretch":"2.8.18-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.10-0.1","repositories":{"jessie":"2.8.14-1+deb8u2","jessie-security":"2.8.14-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.10-0.1","repositories":{"sid":"2.10.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2913":{"debianbug":745272,"scope":"remote","description":"** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.  NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments.","releases":{"buster":{"fixed_version":"2.15-1","repositories":{"buster":"3.2.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.15-1","repositories":{"stretch":"3.0.1-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.15-1","repositories":{"jessie":"2.15-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.15-1","repositories":{"sid":"3.2.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1362":{"debianbug":701227,"scope":"remote","description":"Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash.","releases":{"buster":{"fixed_version":"2.13-3","repositories":{"buster":"3.2.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.13-3","repositories":{"stretch":"3.0.1-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.13-3","repositories":{"jessie":"2.15-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.13-3","repositories":{"sid":"3.2.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1424":{"debianbug":775691,"releases":{"buster":{"fixed_version":"1.4.2-3.1","repositories":{"buster":"3.0.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.2-3.1","repositories":{"stretch":"2.0.0+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.2-3.1","repositories":{"jessie":"1.4.2-3.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.2-3.1","repositories":{"sid":"3.0.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5982":{"debianbug":855225,"scope":"remote","description":"Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2017-8314":{"debianbug":863230,"scope":"remote","description":"Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2015-8366":{"debianbug":806809,"releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8831":{"scope":"remote","description":"A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2014-3800":{"debianbug":747428,"scope":"local","description":"XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2015-3885":{"debianbug":785019,"scope":"remote","description":"Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2015-8367":{"debianbug":806809,"releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1438":{"debianbug":721231,"scope":"remote","description":"Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.","releases":{"jessie":{"repositories":{"jessie":"2:13.2+dfsg1-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-5630":{"debianbug":705690,"releases":{"buster":{"fixed_version":"1:0.60~dfsg-1","repositories":{"buster":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.60~dfsg-1","repositories":{"stretch":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.60~dfsg-1","repositories":{"jessie":"1:0.60~dfsg-1.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.60~dfsg-1","repositories":{"sid":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5644":{"debianbug":705690,"releases":{"buster":{"fixed_version":"1:0.60~dfsg-1","repositories":{"buster":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.60~dfsg-1","repositories":{"stretch":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.60~dfsg-1","repositories":{"jessie":"1:0.60~dfsg-1.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.60~dfsg-1","repositories":{"sid":"1:0.62~dfsg-0.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0002":{"debianbug":610034,"scope":"remote","description":"libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.","releases":{"buster":{"fixed_version":"1:0.56.9.dfsg.1-1.1","repositories":{"buster":"1:0.62~dfsg-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.56.9.dfsg.1-1.1","repositories":{"stretch":"1:0.62~dfsg-0.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.56.9.dfsg.1-1.1","repositories":{"jessie":"1:0.60~dfsg-1.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.56.9.dfsg.1-1.1","repositories":{"sid":"1:0.62~dfsg-0.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3246":{"debianbug":793465,"scope":"local","description":"libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.","releases":{"buster":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"buster":"1:0.62~dfsg-0.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"stretch":"1:0.62~dfsg-0.1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:0.60~dfsg-1.2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"sid":"1:0.62~dfsg-0.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3245":{"debianbug":793465,"scope":"local","description":"Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.","releases":{"buster":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"buster":"1:0.62~dfsg-0.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"stretch":"1:0.62~dfsg-0.1"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:0.60~dfsg-1.2"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:0.62~dfsg-0.1","repositories":{"sid":"1:0.62~dfsg-0.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-1001001":{"debianbug":881796,"scope":"remote","description":"PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.","releases":{"buster":{"fixed_version":"5.6-1","repositories":{"buster":"5.6-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.5-2"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.3.1-2"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.6-1","repositories":{"sid":"5.6-1"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0781608-198474":{"debianbug":781608,"releases":{"buster":{"fixed_version":"1.8.2-4","repositories":{"buster":"1.20.3-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.8.2-4","repositories":{"stretch":"1.16.6-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.8.2-3+deb8u1","repositories":{"jessie":"1.8.2-3+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.8.2-4","repositories":{"sid":"1.20.3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000656":{"scope":"remote","description":"The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3.","releases":{"buster":{"fixed_version":"1.0.2-1","repositories":{"buster":"1.0.2-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.12.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.10.1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.2-1","repositories":{"sid":"1.0.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2537":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"buster":{"fixed_version":"1:10.3.13-1","repositories":{"buster":"1:10.3.14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:10.3.13-1","repositories":{"sid":"1:10.3.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2614":{"debianbug":927308,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"buster":{"repositories":{"buster":"1:10.3.14-1"},"urgency":"low**","status":"open"},"sid":{"repositories":{"sid":"1:10.3.14-1"},"urgency":"low**","status":"open"}}}}
{"CVE-2019-2628":{"debianbug":927308,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"buster":{"repositories":{"buster":"1:10.3.14-1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1:10.3.14-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-2627":{"debianbug":927308,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"buster":{"repositories":{"buster":"1:10.3.14-1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1:10.3.14-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-2510":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"buster":{"fixed_version":"1:10.3.13-1","repositories":{"buster":"1:10.3.14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:10.3.13-1","repositories":{"sid":"1:10.3.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"2.9.0-5","repositories":{"buster":"3.8.0+dfsg-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.9.0-5","repositories":{"stretch":"3.5.0+dfsg-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.9.0-5","repositories":{"jessie":"3.4.0+dfsg-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.9.0-5","repositories":{"sid":"3.8.0+dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2419":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2562":{"debianbug":898444,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7440":{"debianbug":841049,"scope":"local","description":"The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-2378":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0409":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3521":{"debianbug":831844,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.","releases":{"jessie":{"fixed_version":"10.0.26-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3244":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2375":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3243":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4274":{"scope":"local","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2376":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3258":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5891":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6568":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2503":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6564":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4260":{"debianbug":754940,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10268":{"debianbug":878398,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3257":{"debianbug":851234,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10384":{"debianbug":878398,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4792":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2782":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2784":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2781":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6559":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4258":{"debianbug":754940,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6555":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0598":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6551":{"scope":"local","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0597":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10378":{"debianbug":878402,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0596":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3265":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2787":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2665":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10379":{"debianbug":878398,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2668":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3081":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3615":{"debianbug":831844,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.","releases":{"jessie":{"fixed_version":"10.0.26-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2529":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.38-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4243":{"debianbug":754940,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0411":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3152":{"scope":"remote","description":"Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4802":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4807":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5584":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6496":{"debianbug":770229,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2537":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.38-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6494":{"debianbug":770229,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3783":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0393":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6495":{"debianbug":770229,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6491":{"debianbug":770229,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2620":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0441":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7744":{"scope":"remote","description":"wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-8283":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4913":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-6664":{"debianbug":841049,"scope":"local","description":"mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0384":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3456":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6663":{"debianbug":841049,"scope":"local","description":"Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0386":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6489":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6662":{"scope":"remote","description":"Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.","releases":{"jessie":{"fixed_version":"10.0.27-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-2817":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3453":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2440":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3793":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2819":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3794":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6484":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2813":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0433":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0432":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2438":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2432":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4826":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2430":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2431":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5444":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2436":{"debianbug":744910,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6478":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5440":{"debianbug":831844,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.","releases":{"jessie":{"fixed_version":"10.0.26-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6474":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3464":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2648":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2643":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4815":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4816":{"debianbug":802564,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3238":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4819":{"debianbug":802563,"scope":"local","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3492":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6469":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6463":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6464":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0668":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2047":{"debianbug":821094,"scope":"remote","description":"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0546":{"debianbug":811428,"scope":"local","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4287":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0666":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10286":{"debianbug":878398,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3251":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0651":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0650":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2494":{"debianbug":754940,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0655":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3641":{"debianbug":868788,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5807":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4830":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3143":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4836":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3471":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0642":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0641":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0640":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0646":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3477":{"debianbug":831844,"scope":"local","description":"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.","releases":{"jessie":{"fixed_version":"10.0.26-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3653":{"debianbug":868788,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0644":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0643":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0649":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0648":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0647":{"debianbug":821094,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2612":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0381":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0382":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4866":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3302":{"debianbug":854713,"scope":"remote","description":"Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.","releases":{"jessie":{"fixed_version":"10.0.30-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3309":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3308":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1544":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5908":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2568":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0385":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4861":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1548":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4858":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4737":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5630":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.","releases":{"jessie":{"fixed_version":"10.0.27-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3452":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3313":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).","releases":{"jessie":{"fixed_version":"10.0.30-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3318":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3317":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3459":{"debianbug":831844,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.","releases":{"jessie":{"fixed_version":"10.0.25-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1555":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0502":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3312":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1552":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0499":{"debianbug":782645,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0505":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0374":{"debianbug":775881,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.","releases":{"jessie":{"fixed_version":"10.0.16-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-0437":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2761":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2640":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2582":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3058":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"jessie":{"fixed_version":"10.0.36-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3174":{"debianbug":911221,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3600":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1521":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6530":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5626":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5629":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1523":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15365":{"debianbug":884065,"scope":"remote","description":"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.","releases":{"jessie":{"repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2016-5624":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.28-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0610":{"debianbug":811443,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0616":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2767":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2766":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1526":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2573":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4752":{"debianbug":792445,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2771":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-2571":{"debianbug":782645,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3066":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).","releases":{"jessie":{"fixed_version":"10.0.36-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0391":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.","releases":{"jessie":{"fixed_version":"10.0.14-2","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4757":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4879":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3064":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).","releases":{"jessie":{"fixed_version":"10.0.36-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3063":{"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.36-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0420":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1532":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1531":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6520":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5612":{"debianbug":841049,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.","releases":{"jessie":{"fixed_version":"10.0.27-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0600":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0606":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-3839":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3291":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).","releases":{"jessie":{"fixed_version":"10.0.29-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4870":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0609":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0608":{"debianbug":811428,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.","releases":{"jessie":{"fixed_version":"10.0.23-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3156":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2392":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2391":{"scope":"local","description":"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0412":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1861":{"debianbug":706715,"scope":"remote","description":"MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0505":{"debianbug":782645,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-0501":{"debianbug":782645,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.","releases":{"jessie":{"fixed_version":"10.0.20-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1506":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3808":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3805":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2622":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1502":{"scope":"local","description":"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3804":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3802":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4895":{"debianbug":802563,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.","releases":{"jessie":{"fixed_version":"10.0.22-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-3809":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-3282":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"fixed_version":"10.0.37-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6505":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6507":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6500":{"debianbug":770229,"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.","releases":{"jessie":{"fixed_version":"10.0.15-1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-3636":{"debianbug":868788,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).","releases":{"jessie":{"fixed_version":"10.0.32-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4207":{"debianbug":754940,"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0402":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0401":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1512":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1511":{"scope":"remote","description":"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3812":{"scope":"remote","description":"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-2755":{"debianbug":895997,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"fixed_version":"10.0.35-0+deb8u1","repositories":{"jessie":"10.0.32-0+deb8u1","jessie-security":"10.0.38-0+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2761":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2640":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2562":{"debianbug":898444,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-3058":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3251":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3174":{"debianbug":911221,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3600":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-2614":{"debianbug":927308,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","nodsa_reason":"","status":"open"}}}}
{"CVE-2019-2537":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.38-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3244":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3243":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3641":{"debianbug":868788,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.26-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15365":{"debianbug":884065,"scope":"remote","description":"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2767":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2766":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2771":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3143":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3066":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3064":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6664":{"debianbug":841049,"scope":"local","description":"mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3456":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3258":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3063":{"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2503":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10268":{"debianbug":878398,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3453":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2817":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3653":{"debianbug":868788,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"stretch":{"fixed_version":"10.1.26-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2819":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3257":{"debianbug":851234,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2627":{"debianbug":927308,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-2813":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3291":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2612":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-2782":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3156":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2784":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2781":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3302":{"debianbug":854713,"scope":"remote","description":"Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3309":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3308":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10378":{"debianbug":878402,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3464":{"debianbug":860544,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3265":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2622":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2787":{"debianbug":895997,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2665":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2668":{"debianbug":887477,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3282":{"debianbug":911221,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3313":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).","releases":{"stretch":{"fixed_version":"10.1.23-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3238":{"debianbug":851233,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3318":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3636":{"debianbug":868788,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).","releases":{"stretch":{"fixed_version":"10.1.26-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3317":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3081":{"debianbug":904121,"scope":"remote","description":"Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2529":{"debianbug":919817,"scope":"remote","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","releases":{"stretch":{"fixed_version":"10.1.38-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3312":{"debianbug":851233,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).","releases":{"stretch":{"fixed_version":"10.1.21-1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2755":{"debianbug":895997,"scope":"local","description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"stretch":{"fixed_version":"10.1.37-0+deb9u1","repositories":{"stretch-security":"10.1.37-0+deb9u1","stretch":"10.1.38-0+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-0280":{"debianbug":575741,"scope":"remote","description":"Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.","releases":{"buster":{"fixed_version":"2.8.0-1","repositories":{"buster":"3.2.3+dfsg1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.8.0-1","repositories":{"stretch":"3.2.3+dfsg1-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.8.0-1","repositories":{"jessie":"3.2.1-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.8.0-1","repositories":{"sid":"3.2.3+dfsg1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2217":{"debianbug":714340,"scope":"local","description":"cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.","releases":{"buster":{"fixed_version":"0.4.1-8","repositories":{"buster":"0.7~git20150727.94664dd-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4.1-8","repositories":{"stretch":"0.7~git20150727.94664dd-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.1-8","repositories":{"jessie":"0.4.1-15"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4.1-8","repositories":{"sid":"0.7~git20150727.94664dd-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3994":{"debianbug":560080,"scope":"remote","description":"Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.","releases":{"buster":{"fixed_version":"1.7.8-6","repositories":{"buster":"1.7.8-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.8-6","repositories":{"stretch":"1.7.8-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.8-6","repositories":{"jessie":"1.7.8-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.8-6","repositories":{"sid":"1.7.8-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5262":{"debianbug":511844,"scope":"remote","description":"Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.","releases":{"buster":{"fixed_version":"1.7.5-4","repositories":{"buster":"1.7.8-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.5-4","repositories":{"stretch":"1.7.8-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.5-4","repositories":{"jessie":"1.7.8-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.5-4","repositories":{"sid":"1.7.8-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2958":{"debianbug":488140,"scope":"local","description":"Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.","releases":{"stretch":{"fixed_version":"1.6.1-7","repositories":{"stretch":"1.6.2-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.1-7","repositories":{"jessie":"1.6.2-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.1-7","repositories":{"sid":"1.6.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19105":{"debianbug":928477,"scope":"remote","description":"LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"repositories":{"buster":"2.1.3-1.1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.1.2-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.0.4-1+deb8u1","repositories":{"jessie":"2.0.4-1","jessie-security":"2.0.4-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.3-1.2","repositories":{"sid":"2.1.3-1.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5378":{"debianbug":508942,"scope":"local","description":"arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.","releases":{"buster":{"fixed_version":"0.0.20071207.1-6","repositories":{"buster":"6.0.6-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.0.20071207.1-6","repositories":{"stretch":"6.0.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.0.20071207.1-6","repositories":{"jessie":"6.0.2-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.0.20071207.1-6","repositories":{"sid":"6.0.6-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4941":{"debianbug":496396,"scope":"local","description":"arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.","releases":{"buster":{"fixed_version":"0.0.20071207.1-5","repositories":{"buster":"6.0.6-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.0.20071207.1-5","repositories":{"stretch":"6.0.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.0.20071207.1-5","repositories":{"jessie":"6.0.2-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.0.20071207.1-5","repositories":{"sid":"6.0.6-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1884":{"debianbug":542777,"scope":"remote","description":"Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.","releases":{"buster":{"fixed_version":"2.018-1","repositories":{"buster":"2.084-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.018-1","repositories":{"stretch":"2.069-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.018-1","repositories":{"jessie":"2.066-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.018-1","repositories":{"sid":"2.084-1"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0774439-ECBE09":{"debianbug":774439,"releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"5.21q-6"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.21q-4+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.21q-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"5.21q-6"},"urgency":"low","status":"open"}}}}
{"CVE-2015-9275":{"debianbug":774527,"scope":"remote","description":"ARC 5.21q allows directory traversal via a full pathname in an archive file.","releases":{"buster":{"fixed_version":"5.21q-6","repositories":{"buster":"5.21q-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.21q-4+deb9u1","repositories":{"stretch":"5.21q-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.21q-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"5.21q-6","repositories":{"sid":"5.21q-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2992":{"scope":"local","description":"arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.","releases":{"buster":{"fixed_version":"5.21m-1","repositories":{"buster":"5.21q-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.21m-1","repositories":{"stretch":"5.21q-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.21m-1","repositories":{"jessie":"5.21q-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.21m-1","repositories":{"sid":"5.21q-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2945":{"debianbug":329053,"scope":"local","description":"arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).","releases":{"buster":{"fixed_version":"5.21m-1","repositories":{"buster":"5.21q-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.21m-1","repositories":{"stretch":"5.21q-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.21m-1","repositories":{"jessie":"5.21q-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.21m-1","repositories":{"sid":"5.21q-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4206":{"debianbug":719070,"scope":"remote","description":"Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"3.39.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch":"3.24.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.3-1","repositories":{"jessie":"3.9.0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"3.39.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4207":{"debianbug":719070,"scope":"remote","description":"Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"3.39.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch":"3.24.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.3-1","repositories":{"jessie":"3.9.0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"3.39.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-5429":{"debianbug":928282,"scope":"remote","description":"Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.","releases":{"buster":{"repositories":{"buster":"3.39.0-2"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.24.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.9.0.5-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.39.0-2"},"urgency":"low","status":"open"}}}}
{"CVE-2007-0315":{"scope":"remote","description":"Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp).  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.39.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.24.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.9.0.5-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.39.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4852":{"debianbug":718779,"scope":"remote","description":"Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"3.39.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch":"3.24.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.3-1","repositories":{"jessie":"3.9.0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"3.39.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2318":{"debianbug":421776,"scope":"remote","description":"Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"3.0.0~beta2-3","repositories":{"buster":"3.39.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.0~beta2-3","repositories":{"stretch":"3.24.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.0~beta2-3","repositories":{"jessie":"3.9.0.5-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.0~beta2-3","repositories":{"sid":"3.39.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0317":{"debianbug":407683,"scope":"remote","description":"Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"3.0.0~beta2-3","repositories":{"buster":"3.39.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0.0~beta2-3","repositories":{"stretch":"3.24.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.0~beta2-3","repositories":{"jessie":"3.9.0.5-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0.0~beta2-3","repositories":{"sid":"3.39.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-4208":{"debianbug":719070,"scope":"local","description":"The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"3.39.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch":"3.24.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.3-1","repositories":{"jessie":"3.9.0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"3.39.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-2403":{"scope":"remote","description":"Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.39.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.24.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.9.0.5-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.39.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-7231":{"scope":"local","description":"The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.","releases":{"buster":{"fixed_version":"0.2.0-1","repositories":{"buster":"3.36.4-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.2.0-1","repositories":{"stretch":"3.16.0-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.2.0-1","repositories":{"jessie":"0.2.0-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.2.0-1","repositories":{"sid":"3.36.4-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-1558":{"scope":"remote","description":"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.  NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.6-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.8.2-1","repositories":{"stretch":"0.8.6-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.8.2-1","repositories":{"jessie":"0.8.3-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.6-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2782":{"debianbug":774015,"scope":"remote","description":"Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.","releases":{"buster":{"fixed_version":"3.10.22-13","repositories":{"buster":"3.10.22-18"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.10.22-13","repositories":{"stretch":"3.10.22-15"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.10.22-13","repositories":{"jessie":"3.10.22-13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.10.22-13","repositories":{"sid":"3.10.22-20"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1027":{"scope":"remote","description":"Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.10.22-18"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.10.22-15"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.10.22-13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.10.22-20"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0556":{"debianbug":774434,"scope":"remote","description":"Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.","releases":{"buster":{"fixed_version":"3.10.22-13","repositories":{"buster":"3.10.22-18"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.10.22-13","repositories":{"stretch":"3.10.22-15"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.10.22-13","repositories":{"jessie":"3.10.22-13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.10.22-13","repositories":{"sid":"3.10.22-20"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0557":{"debianbug":774435,"scope":"remote","description":"Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.","releases":{"buster":{"fixed_version":"3.10.22-13","repositories":{"buster":"3.10.22-18"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.10.22-13","repositories":{"stretch":"3.10.22-15"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.10.22-13","repositories":{"jessie":"3.10.22-13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.10.22-13","repositories":{"sid":"3.10.22-20"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0947":{"scope":"remote","description":"Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.10.22-18"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.10.22-15"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.10.22-13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.10.22-20"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10539":{"scope":"remote","description":"negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for \"Accept-Language\", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.","releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"0.6.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.4.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.8-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"0.6.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1000022":{"releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"0.6.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.4.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.8-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"0.6.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6610":{"scope":"remote","description":"clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to \"remote console command injection.\"","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.5.2+dp-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.5.2+dp-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.5.2+dp-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.5.2+dp-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-0657":{"scope":"remote","description":"Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.","releases":{"buster":{"fixed_version":"2.2.3-1","repositories":{"buster":"2.5.2+dp-7"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.3-1","repositories":{"stretch":"2.5.2+dp-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.3-1","repositories":{"jessie":"2.5.2+dp-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.3-1","repositories":{"sid":"2.5.2+dp-7"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-6609":{"scope":"remote","description":"Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to \"fake players.\" NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.5.2+dp-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.5.2+dp-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.5.2+dp-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.5.2+dp-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0926":{"scope":"remote","description":"Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.","releases":{"buster":{"fixed_version":"1.0.4-1","repositories":{"buster":"3.7.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4-1","repositories":{"stretch":"3.5.1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.4-1","repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-1","repositories":{"sid":"3.7.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2958":{"debianbug":441854,"scope":"remote","description":"Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.","releases":{"buster":{"fixed_version":"2.4.5-1","repositories":{"buster":"3.7.0-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.5-1","repositories":{"stretch":"3.5.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.5-1","repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.5-1","repositories":{"sid":"3.7.0-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3354":{"debianbug":338434,"scope":"remote","description":"Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.","releases":{"buster":{"fixed_version":"2.0.4-1","repositories":{"buster":"3.7.0-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.4-1","repositories":{"stretch":"3.5.1-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.4-1","repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.4-1","repositories":{"sid":"3.7.0-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1267":{"scope":"remote","description":"Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.","releases":{"buster":{"repositories":{"buster":"3.7.0-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.5.1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.7.0-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-2920":{"debianbug":372889,"scope":"remote","description":"Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.","releases":{"buster":{"fixed_version":"2.2.6-1","repositories":{"buster":"3.7.0-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.6-1","repositories":{"stretch":"3.5.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.6-1","repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.6-1","repositories":{"sid":"3.7.0-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0667":{"scope":"remote","description":"Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.","releases":{"buster":{"fixed_version":"1.0.3-1","repositories":{"buster":"3.7.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-1","repositories":{"stretch":"3.5.1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.3-1","repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.3-1","repositories":{"sid":"3.7.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17517":{"scope":"remote","description":"libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"3.7.0-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.5.1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.5.0~beta1~r3426-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.7.0-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10537":{"scope":"remote","description":"backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"1.3.3~dfsg-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch":"1.3.3~dfsg-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.9.10-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"1.3.3~dfsg-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5330":{"debianbug":850874,"scope":"remote","description":"ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.","releases":{"buster":{"fixed_version":"4:16.08.3-2","repositories":{"buster":"4:18.08.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:16.08.3-2","repositories":{"stretch":"4:16.08.3-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4:4.14.2-2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4:16.08.3-2","repositories":{"sid":"4:18.08.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4890":{"debianbug":628843,"releases":{"buster":{"fixed_version":"1.7.4p4","repositories":{"buster":"1.8.27-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.4p4","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.4p4","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.4p4","repositories":{"sid":"1.8.27-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4158":{"debianbug":342948,"scope":"local","description":"Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.","releases":{"buster":{"fixed_version":"1.6.8p12-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.8p12-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.8p12-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.8p12-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-0010":{"debianbug":609641,"scope":"local","description":"check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.","releases":{"buster":{"fixed_version":"1.7.4p4-6","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.4p4-6","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.4p4-6","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.4p4-6","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3067":{"scope":"local","description":"sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.","releases":{"buster":{"fixed_version":"1.6.9p12-1","repositories":{"buster":"1.8.27-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.6.9p12-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.6.9p12-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.6.9p12-1","repositories":{"sid":"1.8.27-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-2777":{"debianbug":701839,"scope":"local","description":"sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.","releases":{"buster":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2776":{"debianbug":701839,"scope":"local","description":"sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.","releases":{"buster":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2959":{"scope":"local","description":"Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.","releases":{"buster":{"fixed_version":"1.6.8p9-3","repositories":{"buster":"1.8.27-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.8p9-3","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.8p9-3","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.8p9-3","repositories":{"sid":"1.8.27-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-1163":{"debianbug":578275,"scope":"local","description":"The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.","releases":{"buster":{"fixed_version":"1.7.2p6-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.2p6-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.2p6-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.2p6-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000367":{"debianbug":863731,"scope":"local","description":"Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.","releases":{"buster":{"fixed_version":"1.8.19p1-2","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.19p1-2","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10p3-1+deb8u4","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.20p1-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0151":{"scope":"local","description":"sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.","releases":{"buster":{"fixed_version":"1.6.8p12-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.8p12-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.8p12-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.8p12-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0034":{"scope":"local","description":"parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.","releases":{"buster":{"fixed_version":"1.6.9p17-2","repositories":{"buster":"1.8.27-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.9p17-2","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.9p17-2","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.9p17-2","repositories":{"sid":"1.8.27-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-1051":{"scope":"local","description":"sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.","releases":{"buster":{"fixed_version":"1.6.8p3-1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.8p3-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.8p3-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.8p3-1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1646":{"debianbug":585394,"scope":"local","description":"The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.","releases":{"buster":{"fixed_version":"1.7.2p7-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.2p7-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.2p7-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.2p7-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000368":{"debianbug":863897,"scope":"local","description":"Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.","releases":{"buster":{"fixed_version":"1.8.19p1-2.1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.19p1-2.1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.10p3-1+deb8u5","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.20p1-1.1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2956":{"debianbug":595935,"scope":"local","description":"Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence.","releases":{"buster":{"fixed_version":"1.7.4p4-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.4p4-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.4p4-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.4p4-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9680":{"debianbug":772707,"scope":"local","description":"sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.","releases":{"buster":{"fixed_version":"1.8.12-1","repositories":{"buster":"1.8.27-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.12-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8.10p3-1+deb8u2","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.12-1","repositories":{"sid":"1.8.27-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-7076":{"debianbug":842507,"scope":"local","description":"sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.","releases":{"buster":{"fixed_version":"1.8.18p1-1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.18p1-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.8.18p1-1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3440":{"scope":"local","description":"A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0106":{"scope":"local","description":"Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.","releases":{"buster":{"fixed_version":"1.8.5p2-1","repositories":{"buster":"1.8.27-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.5p2-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.5p2-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.5p2-1","repositories":{"sid":"1.8.27-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8239":{"debianbug":805563,"scope":"local","description":"The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.","releases":{"buster":{"fixed_version":"1.8.17p1-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.17p1-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.8.17p1-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7032":{"scope":"local","description":"sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.","releases":{"buster":{"fixed_version":"1.8.15-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.15-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.8.15-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5602":{"debianbug":804149,"scope":"local","description":"sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"","releases":{"buster":{"fixed_version":"1.8.15-1.1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.15-1.1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.10p3-1+deb8u3","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.15-1.1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3149":{"scope":"local","description":"sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings.  NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1689":{"scope":"local","description":"sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.","releases":{"buster":{"fixed_version":"1.6.8p3-1","repositories":{"buster":"1.8.27-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.6.8p3-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.6.8p3-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.6.8p3-1","repositories":{"sid":"1.8.27-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-7091":{"scope":"local","description":"sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0008":{"scope":"local","description":"A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.  NOTE: this vulnerability exists because of a CVE-2009-0034 regression.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2337":{"debianbug":673766,"scope":"local","description":"sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.","releases":{"buster":{"fixed_version":"1.8.3p2-1.1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.3p2-1.1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.3p2-1.1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.3p2-1.1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0809":{"debianbug":657985,"scope":"local","description":"Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.","releases":{"buster":{"fixed_version":"1.8.3p2-1","repositories":{"buster":"1.8.27-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.3p2-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.3p2-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.3p2-1","repositories":{"sid":"1.8.27-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1776":{"debianbug":701839,"scope":"local","description":"sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.","releases":{"buster":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1775":{"debianbug":701838,"scope":"local","description":"sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.","releases":{"buster":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.5p2-1+nmu1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0427":{"scope":"local","description":"sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.","releases":{"buster":{"fixed_version":"1.7.0-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.0-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.0-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.0-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1993":{"debianbug":315115,"scope":"local","description":"Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.","releases":{"buster":{"fixed_version":"1.6.8p9-1","repositories":{"buster":"1.8.27-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.8p9-1","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.8p9-1","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.8p9-1","repositories":{"sid":"1.8.27-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0426":{"debianbug":570737,"scope":"local","description":"sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.","releases":{"buster":{"fixed_version":"1.7.2p1-1.2","repositories":{"buster":"1.8.27-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.2p1-1.2","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.2p1-1.2","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.2p1-1.2","repositories":{"sid":"1.8.27-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1831":{"scope":"local","description":"** DISPUTED **  Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-1119":{"debianbug":283161,"scope":"local","description":"Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"repositories":{"buster":"1.8.27-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.8.19p1-2.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.8.10p3-1+deb8u5","jessie-security":"1.8.10p3-1+deb8u4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.8.27-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-0869":{"debianbug":301118,"scope":"remote","description":"phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.","releases":{"jessie":{"fixed_version":"2.3-3","repositories":{"jessie":"3.0.17-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.3-3","repositories":{"sid":"3.2.5-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3360":{"scope":"remote","description":"Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.","releases":{"jessie":{"repositories":{"jessie":"3.0.17-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.5-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2003-0536":{"scope":"local","description":"Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.","releases":{"jessie":{"fixed_version":"2.1-1","repositories":{"jessie":"3.0.17-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.1-1","repositories":{"sid":"3.2.5-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-0870":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.","releases":{"jessie":{"fixed_version":"2.3-7","repositories":{"jessie":"3.0.17-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-7","repositories":{"sid":"3.2.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3348":{"debianbug":339079,"scope":"remote","description":"HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.","releases":{"jessie":{"fixed_version":"2.3-7","repositories":{"jessie":"3.0.17-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-7","repositories":{"sid":"3.2.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3347":{"debianbug":339079,"scope":"remote","description":"Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536.  NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.","releases":{"jessie":{"fixed_version":"2.3-7","repositories":{"jessie":"3.0.17-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-7","repositories":{"sid":"3.2.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4048":{"debianbug":435935,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.","releases":{"jessie":{"fixed_version":"2.5.1-6.1","repositories":{"jessie":"3.0.17-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5.1-6.1","repositories":{"sid":"3.2.5-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8123":{"debianbug":771768,"scope":"remote","description":"Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.","releases":{"buster":{"fixed_version":"0.37-5","repositories":{"buster":"0.37-14"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.37-5","repositories":{"stretch":"0.37-11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.37-5","repositories":{"jessie":"0.37-10"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.37-5","repositories":{"sid":"0.37-14"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3126":{"scope":"local","description":"The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.","releases":{"buster":{"fixed_version":"0.35-2","repositories":{"buster":"0.37-14"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.35-2","repositories":{"stretch":"0.37-11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.35-2","repositories":{"jessie":"0.37-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.35-2","repositories":{"sid":"0.37-14"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0583":{"debianbug":522416,"scope":"remote","description":"Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.","releases":{"buster":{"fixed_version":"1.0.3-2","repositories":{"buster":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-2","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.3-2","repositories":{"jessie":"1.6.3-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.3-2","repositories":{"sid":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0792":{"debianbug":523472,"scope":"remote","description":"Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.  NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.","releases":{"buster":{"fixed_version":"1.0.3-3","repositories":{"buster":"2.0.1+repack-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.3-3","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.3-3","repositories":{"jessie":"1.6.3-4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.3-3","repositories":{"sid":"2.0.1+repack-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0584":{"debianbug":522416,"scope":"remote","description":"icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.","releases":{"buster":{"fixed_version":"1.0.3-2","repositories":{"buster":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-2","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.3-2","repositories":{"jessie":"1.6.3-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.3-2","repositories":{"sid":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-425714":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.1+repack-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.6.3-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.1+repack-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4405":{"debianbug":687274,"scope":"remote","description":"Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow.  NOTE: this issue is also described as an array index error.","releases":{"buster":{"fixed_version":"1.4.0-7","repositories":{"buster":"2.0.1+repack-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.0-7","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.0-7","repositories":{"jessie":"1.6.3-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.0-7","repositories":{"sid":"2.0.1+repack-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1616":{"scope":"remote","description":"Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.","releases":{"buster":{"fixed_version":"1.4.0-1","repositories":{"buster":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.0-1","repositories":{"stretch":"1.9.2+repack-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.4.0-1","repositories":{"jessie":"1.6.3-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.4.0-1","repositories":{"sid":"2.0.1+repack-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3254":{"scope":"remote","description":"The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"0.9.1-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5397":{"debianbug":894577,"scope":"remote","description":"The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.","releases":{"stretch":{"repositories":{"stretch":"0.9.1-2.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-10058":{"debianbug":900929,"scope":"remote","description":"The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.7.0+dfsg-2"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-10057":{"debianbug":900929,"scope":"remote","description":"The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.7.0+dfsg-2"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2002-0740":{"scope":"local","description":"Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.","releases":{"buster":{"fixed_version":"0.9.6.2-9","repositories":{"buster":"1.0.3+dfsg-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.6.2-9","repositories":{"stretch":"1.0.3+dfsg-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.6.2-9","repositories":{"jessie":"1.0.2-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.6.2-9","repositories":{"sid":"1.0.3+dfsg-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6927":{"scope":"local","description":"vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.","releases":{"buster":{"fixed_version":"4.9.4-1","repositories":{"buster":"4.9.4-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.9.4-1","repositories":{"stretch":"4.9.4-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.8-1+deb8u2","repositories":{"jessie":"4.8-1+deb8u2","jessie-security":"4.8-1+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.9.4-1","repositories":{"sid":"4.9.4-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-0453":{"scope":"local","description":"Format string vulnerability in the monitor \"memory dump\" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.","releases":{"buster":{"fixed_version":"1.14-2","repositories":{"buster":"3.3.0.dfsg-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.14-2","repositories":{"stretch":"3.0.0.dfsg-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.14-2","repositories":{"jessie":"2.4.dfsg+2.4.9-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.14-2","repositories":{"sid":"3.3.0.dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9862":{"scope":"local","description":"Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.","releases":{"buster":{"fixed_version":"4.3-17","repositories":{"buster":"4.3-21"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.3-17","repositories":{"stretch":"4.3-19"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue; can be fixed via point release","repositories":{"jessie":"4.3-15"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.3-17","repositories":{"sid":"4.3-21"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3146":{"debianbug":332434,"scope":"local","description":"StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"1.19-2","repositories":{"buster":"3.2.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.19-2","repositories":{"stretch":"3.2.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.19-2","repositories":{"jessie":"3.2.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.19-2","repositories":{"sid":"3.2.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3148":{"debianbug":332434,"scope":"local","description":"StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.","releases":{"buster":{"fixed_version":"1.19-1","repositories":{"buster":"3.2.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.19-1","repositories":{"stretch":"3.2.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.19-1","repositories":{"jessie":"3.2.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.19-1","repositories":{"sid":"3.2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3147":{"debianbug":332434,"scope":"local","description":"StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.","releases":{"buster":{"fixed_version":"1.19-1","repositories":{"buster":"3.2.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.19-1","repositories":{"stretch":"3.2.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.19-1","repositories":{"jessie":"3.2.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.19-1","repositories":{"sid":"3.2.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-7402":{"scope":"remote","description":"Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.","releases":{"buster":{"fixed_version":"1:0.3.1-1","repositories":{"buster":"1:0.5.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.3.1-1","repositories":{"stretch":"1:0.4.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.3.1-1","repositories":{"jessie":"1:0.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.3.1-1","repositories":{"sid":"1:0.5.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7401":{"scope":"remote","description":"The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a \" \" or \"?\" character in an ICAP request, as demonstrated by use of the OPTIONS method.","releases":{"buster":{"fixed_version":"1:0.3.1-1","repositories":{"buster":"1:0.5.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.3.1-1","repositories":{"stretch":"1:0.4.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.3.1-1","repositories":{"jessie":"1:0.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.3.1-1","repositories":{"sid":"1:0.5.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7557":{"debianbug":872854,"scope":"remote","description":"dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.","releases":{"buster":{"fixed_version":"1.2.0-1","repositories":{"buster":"1.3.3-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0-2+deb9u1","repositories":{"stretch":"1.1.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0-1","repositories":{"sid":"1.3.3-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7069":{"debianbug":872854,"scope":"remote","description":"An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.","releases":{"buster":{"fixed_version":"1.2.0-1","repositories":{"buster":"1.3.3-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0-2+deb9u1","repositories":{"stretch":"1.1.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0-1","repositories":{"sid":"1.3.3-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14663":{"debianbug":913231,"scope":"remote","description":"An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.3.3-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0-2+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.3.3-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2000-1219":{"scope":"remote","description":"The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.","releases":{"buster":{"fixed_version":"1:3.3.4-1","repositories":{"buster":"1:3.3.6ds1-30"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.3.4-1","repositories":{"stretch":"1:3.3.6ds1-28"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.3.4-1","repositories":{"jessie":"1:3.3.6ds1-27.2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.3.4-1","repositories":{"sid":"1:3.3.6ds1-30"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-D75F8B":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.4.3+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.6.6-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.4.4+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11065":{"debianbug":926923,"scope":"remote","description":"Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"4.4.1-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"4.4.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-6199":{"scope":"remote","description":"ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.","releases":{"buster":{"fixed_version":"2.13-1","repositories":{"buster":"4.4.1-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.13-1","repositories":{"stretch":"3.2.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.13-1","repositories":{"sid":"4.4.1-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000066":{"scope":"remote","description":"The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.41+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.35+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.28+dfsg-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.41+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-5196":{"scope":"local","description":"Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.41+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.35+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.28+dfsg-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.41+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5119":{"scope":"remote","description":"The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.","releases":{"buster":{"fixed_version":"2.18+dfsg-1","repositories":{"buster":"2.41+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.18+dfsg-1","repositories":{"stretch":"2.35+dfsg-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.18+dfsg-1","repositories":{"jessie":"2.28+dfsg-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.18+dfsg-1","repositories":{"sid":"2.41+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4433":{"debianbug":692435,"scope":"remote","description":"Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.2.0-2+nmu1","repositories":{"buster":"0.4.12-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.0-2+nmu1","repositories":{"stretch":"0.3.8-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.2.0-2+nmu1","repositories":{"jessie":"0.2.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.2.0-2+nmu1","repositories":{"sid":"0.4.14-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10114":{"scope":"remote","description":"An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.","releases":{"buster":{"fixed_version":"0.3.34-1","repositories":{"buster":"0.4.12-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.3.8-4"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.3.34-1","repositories":{"sid":"0.4.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10113":{"scope":"remote","description":"An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.","releases":{"buster":{"fixed_version":"0.3.34-1","repositories":{"buster":"0.4.12-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.3.8-4"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.3.34-1","repositories":{"sid":"0.4.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10112":{"scope":"remote","description":"An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.","releases":{"buster":{"nodsa":"Minor issue, architectual limitation","repositories":{"buster":"0.4.12-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue, architectual limitation","repositories":{"stretch":"0.3.8-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.4.14-1"},"urgency":"low","status":"open"}}}}
{"CVE-2018-10111":{"scope":"remote","description":"An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.","releases":{"buster":{"nodsa":"Minor issue, architectual limitation","repositories":{"buster":"0.4.12-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue, architectual limitation","repositories":{"stretch":"0.3.8-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.0-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.4.14-1"},"urgency":"low","status":"open"}}}}
{"CVE-2007-2423":{"debianbug":422408,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","releases":{"buster":{"fixed_version":"1.5.7-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.5.7-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.5.7-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.5.7-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-4037":{"debianbug":752873,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0708":{"scope":"remote","description":"MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.","releases":{"buster":{"fixed_version":"1.2.2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-6081":{"debianbug":696948,"scope":"remote","description":"Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.","releases":{"buster":{"fixed_version":"1.9.5-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.5-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.5-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.5-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6082":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.","releases":{"buster":{"fixed_version":"1.9.5-2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.5-2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.5-2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.5-2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-B2D490":{"releases":{"buster":{"fixed_version":"1.8.4-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.4-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.4-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.4-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-6080":{"debianbug":696949,"scope":"remote","description":"Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.","releases":{"buster":{"fixed_version":"1.9.5-4","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.5-4","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.5-4","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.5-4","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0717":{"scope":"remote","description":"The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.","releases":{"buster":{"fixed_version":"1.9.0~rc2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.0~rc2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.9.0~rc2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.0~rc2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-6548":{"scope":"remote","description":"The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.","releases":{"buster":{"fixed_version":"1.6.2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1099":{"scope":"remote","description":"_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.","releases":{"buster":{"fixed_version":"1.5.8-5.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-5.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-5.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-5.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1098":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name.  NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.","releases":{"buster":{"fixed_version":"1.5.8-5.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-5.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-5.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-5.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2324":{"debianbug":536051,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.","releases":{"buster":{"fixed_version":"1.8.2-2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.2-2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.2-2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.2-2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0533673-74CBB6":{"debianbug":533673,"releases":{"buster":{"fixed_version":"1.8.4-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.8.4-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.8.4-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.8.4-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-6549":{"scope":"remote","description":"The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.","releases":{"buster":{"fixed_version":"1.6.2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5567":{"scope":"remote","description":"PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0260":{"debianbug":513158,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).","releases":{"buster":{"fixed_version":"1.8.1-1.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.1-1.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.1-1.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.1-1.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1937":{"scope":"remote","description":"The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6495":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors.  NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.","releases":{"buster":{"fixed_version":"1.9.5-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.5-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.5-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.5-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0828":{"debianbug":575995,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.","releases":{"buster":{"fixed_version":"1.9.2-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.9.2-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.9.2-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-0901":{"debianbug":411084,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","releases":{"buster":{"fixed_version":"1.5","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.5","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.5","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.5","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-4404":{"scope":"remote","description":"security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group.","releases":{"buster":{"fixed_version":"1.9.4-8","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.4-8","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.4-8","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.4-8","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0902":{"scope":"remote","description":"Unspecified vulnerability in the \"Show debugging information\" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","releases":{"buster":{"repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-7148":{"debianbug":844341,"scope":"remote","description":"MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component.","releases":{"buster":{"fixed_version":"1.9.9-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.9-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.8-1+deb8u1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.9-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0658":{"scope":"remote","description":"Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.","releases":{"buster":{"fixed_version":"1.5.8-4.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-4.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-4.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-4.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7146":{"debianbug":844340,"scope":"remote","description":"MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog&dialog=attachment (via page name) component.","releases":{"buster":{"fixed_version":"1.9.9-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.9-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.8-1+deb8u1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.9-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3381":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-8648E9":{"releases":{"buster":{"fixed_version":"1.5.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.5.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.5.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.5.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2010-2970":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.9.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1482":{"debianbug":526594,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.","releases":{"buster":{"fixed_version":"1.8.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0312":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.","releases":{"buster":{"fixed_version":"1.8.1-1.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.1-1.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.1-1.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.1-1.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0526594-48E4C2":{"debianbug":526594,"releases":{"buster":{"fixed_version":"1.8.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5156":{"debianbug":444928,"scope":"remote","description":"Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains \".php.\" and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.","releases":{"buster":{"fixed_version":"1.5.8-4.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.5.8-4.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.5.8-4.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.5.8-4.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1463":{"scope":"remote","description":"Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0857":{"debianbug":410338,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.","releases":{"buster":{"fixed_version":"1.5.3-1.2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.5.3-1.2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.5.3-1.2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.5.3-1.2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-6603":{"scope":"remote","description":"MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2637":{"scope":"remote","description":"MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.","releases":{"buster":{"fixed_version":"1.5.7-2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.7-2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.7-2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.7-2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9119":{"debianbug":844338,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"1.9.9-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.9-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.8-1+deb8u1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.9-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5934":{"debianbug":910776,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"1.9.9-1+deb9u1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.9-1+deb9u1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.8-1+deb8u2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.9-1+deb9u1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0781":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.","releases":{"buster":{"fixed_version":"1.5.8-5.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-5.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-5.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-5.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0782":{"scope":"remote","description":"Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action.  NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.","releases":{"buster":{"fixed_version":"1.5.8-5.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-5.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-5.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-5.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0780":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.","releases":{"buster":{"fixed_version":"1.5.8-5.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.8-5.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.8-5.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.8-5.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1058":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.9.3-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.9.3-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.9.3-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.9.3-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-2487":{"debianbug":584809,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2265":{"debianbug":536051,"scope":"remote","description":"Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.","releases":{"buster":{"fixed_version":"1.8.2-2","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.2-2","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.2-2","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.2-2","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4762":{"debianbug":569975,"scope":"remote","description":"MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9.2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2969":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0669":{"debianbug":569975,"scope":"remote","description":"MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.9.2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0667":{"scope":"remote","description":"MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.1-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3163":{"debianbug":429204,"scope":"remote","description":"Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.","releases":{"buster":{"fixed_version":"1.5.8-4.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.5.8-4.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.5.8-4.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.5.8-4.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0668":{"debianbug":569975,"scope":"remote","description":"Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.2-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1462":{"scope":"remote","description":"Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2630":{"scope":"remote","description":"Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors.  NOTE: this issue is reachable through filemanager/browser/default/browser.html.","releases":{"buster":{"fixed_version":"1.5.8-4.1","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.5.8-4.1","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.5.8-4.1","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.5.8-4.1","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1238":{"debianbug":575995,"scope":"remote","description":"MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.","releases":{"buster":{"fixed_version":"1.9.2-3","repositories":{"buster":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.9.2-3","repositories":{"stretch-security":"1.9.9-1+deb9u1","stretch":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9.2-3","repositories":{"jessie":"1.9.8-1+deb8u1","jessie-security":"1.9.8-1+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9.2-3","repositories":{"sid":"1.9.9-1+deb9u1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4135":{"debianbug":442935,"scope":"local","description":"The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client.","releases":{"buster":{"fixed_version":"0.18-0","repositories":{"buster":"0.25-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.18-0","repositories":{"stretch":"0.25-5.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.18-0","repositories":{"jessie":"0.25-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.18-0","repositories":{"sid":"0.25-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17516":{"scope":"remote","description":"scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"1.25.1+dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.14.1+dfsg-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.25.1+dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-5109":{"debianbug":705468,"scope":"remote","description":"Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"3.11.1-2","repositories":{"buster":"3.17.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.11.1-2","repositories":{"stretch":"3.14.1-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.11.1-2","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.11.1-2","repositories":{"sid":"3.17.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8614":{"scope":"remote","description":"Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.","releases":{"buster":{"fixed_version":"3.13.1-1","repositories":{"buster":"3.17.3-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.13.1-1","repositories":{"stretch":"3.14.1-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.11.1-3+deb8u1","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.13.1-1","repositories":{"sid":"3.17.3-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-6208":{"debianbug":454089,"scope":"local","description":"sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.","releases":{"buster":{"fixed_version":"3.1.0-2","repositories":{"buster":"3.17.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.0-2","repositories":{"stretch":"3.14.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.0-2","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.0-2","repositories":{"sid":"3.17.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8708":{"debianbug":811048,"scope":"remote","description":"Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.","releases":{"buster":{"fixed_version":"3.13.1-1.1","repositories":{"buster":"3.17.3-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.13.1-1.1","repositories":{"stretch":"3.14.1-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.13.1-1.1","repositories":{"sid":"3.17.3-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1558":{"scope":"remote","description":"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.  NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.","releases":{"buster":{"fixed_version":"2.9.1-1","repositories":{"buster":"3.17.3-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.9.1-1","repositories":{"stretch":"3.14.1-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.9.1-1","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.9.1-1","repositories":{"sid":"3.17.3-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2576":{"debianbug":742695,"scope":"remote","description":"plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.","releases":{"buster":{"fixed_version":"3.10.1-1","repositories":{"buster":"3.17.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.10.1-1","repositories":{"stretch":"3.14.1-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.10.1-1","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.10.1-1","repositories":{"sid":"3.17.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4507":{"debianbug":690151,"scope":"remote","description":"The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.","releases":{"buster":{"fixed_version":"3.8.1-2","repositories":{"buster":"3.17.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.8.1-2","repositories":{"stretch":"3.14.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.8.1-2","repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.8.1-2","repositories":{"sid":"3.17.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-10735":{"debianbug":926705,"scope":"remote","description":"In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.","releases":{"buster":{"nodsa":"Revisit when fixed upstream","repositories":{"buster":"3.17.3-2"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"stretch":{"nodsa":"Revisit when fixed upstream","repositories":{"stretch":"3.14.1-3"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"repositories":{"jessie":"3.11.1-3+deb8u1","jessie-security":"3.11.1-3+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"3.17.3-2"},"urgency":"low","status":"open"}}}}
{"CVE-2010-4661":{"releases":{"jessie":{"fixed_version":"1.0.3-1","repositories":{"jessie":"1.0.5-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2010-0746":{"scope":"local","description":"Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as used in Fedora 11 and 12 and possibly other operating systems, allows local users to gain privileges via .. (dot dot) sequences in the label for a pluggable storage device.","releases":{"jessie":{"fixed_version":"1.0.0~git20100212.aae17d9-1","repositories":{"jessie":"1.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0004":{"scope":"local","description":"Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.","releases":{"jessie":{"fixed_version":"1.0.5-1","repositories":{"jessie":"1.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1149":{"debianbug":576687,"scope":"local","description":"probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.","releases":{"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-6306":{"debianbug":456148,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.","releases":{"buster":{"fixed_version":"1.0.9-1","repositories":{"buster":"1.0.19-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.9-1","repositories":{"stretch":"1.0.19-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.9-1","repositories":{"jessie":"1.0.13-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.9-1","repositories":{"sid":"1.0.19-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17515":{"scope":"remote","description":"** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product.","releases":{"buster":{"repositories":{"buster":"5.3.0-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.8.0-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.4.8+dfsg.1-8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.3.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-8714":{"debianbug":857466,"scope":"remote","description":"An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.","releases":{"buster":{"fixed_version":"3.3.3-1","repositories":{"buster":"3.5.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.3-1","repositories":{"stretch":"3.3.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-1+deb8u1","repositories":{"jessie":"3.1.1-1+deb8u1","jessie-security":"3.1.1-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.3-1","repositories":{"sid":"3.6.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3931":{"debianbug":496363,"scope":"local","description":"javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"2.7.2-1","repositories":{"buster":"3.5.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.2-1","repositories":{"stretch":"3.3.3-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.2-1","repositories":{"jessie":"3.1.1-1+deb8u1","jessie-security":"3.1.1-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.2-1","repositories":{"sid":"3.6.0-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0605160-28DAD2":{"debianbug":605150,"releases":{"buster":{"fixed_version":"0.8.5-1","repositories":{"buster":"1.7.5+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.5-1","repositories":{"stretch":"1.6.11+dfsg-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.5-1","repositories":{"jessie":"1.4.12+dfsg-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.5-1","repositories":{"sid":"1.7.5+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20164":{"debianbug":922717,"scope":"remote","description":"An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)","releases":{"buster":{"fixed_version":"20190213-1","repositories":{"buster":"20190213-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20190213-1","repositories":{"sid":"20190213-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1161":{"debianbug":577817,"scope":"local","description":"Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"3.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch":"2.7.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.4-1","repositories":{"jessie":"2.2.6-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"3.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1160":{"debianbug":577817,"scope":"local","description":"GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"3.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch":"2.7.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.4-1","repositories":{"jessie":"2.2.6-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"3.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8792":{"scope":"remote","description":"The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1.4.9-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch":"1.4.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2+deb8u1","repositories":{"jessie":"1.4.1-2+deb8u1","jessie-security":"1.4.1-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1.4.9-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6271":{"debianbug":859277,"scope":"remote","description":"The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.","releases":{"buster":{"fixed_version":"1.0.2-1.2","repositories":{"buster":"1.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-1.2","repositories":{"stretch":"1.0.2-1.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2-1.2","repositories":{"sid":"1.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3414":{"debianbug":681323,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the \"ExternalInterface.call\" function.","releases":{"stretch":{"fixed_version":"2.2.0.1+ds1-2","repositories":{"stretch":"2.2.0.1+ds2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.0.1+ds1-2","repositories":{"jessie":"2.2.0.1+ds1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1179":{"scope":"local","description":"The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.","releases":{"buster":{"fixed_version":"3.7.7","repositories":{"buster":"4.3.1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.7.7","repositories":{"stretch":"4.2.9-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.7.7","repositories":{"sid":"4.3.1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3760":{"debianbug":901913,"scope":"remote","description":"There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.","releases":{"buster":{"fixed_version":"3.7.0-1.1","repositories":{"buster":"3.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.7.0-1+deb9u1","repositories":{"stretch-security":"3.7.0-1+deb9u1","stretch":"3.7.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.12.3-1+deb8u1","repositories":{"jessie":"2.12.3-1","jessie-security":"2.12.3-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.7.0-1.1","repositories":{"sid":"3.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7819":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.","releases":{"buster":{"fixed_version":"2.12.3-1","repositories":{"buster":"3.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.12.3-1","repositories":{"stretch-security":"3.7.0-1+deb9u1","stretch":"3.7.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.12.3-1","repositories":{"jessie":"2.12.3-1","jessie-security":"2.12.3-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.12.3-1","repositories":{"sid":"3.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1994":{"scope":"remote","description":"Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.","releases":{"buster":{"fixed_version":"1:0.2.906-2+deb7u1","repositories":{"buster":"1:0.6.0-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.2.906-2+deb7u1","repositories":{"stretch":"1:0.5.0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.2.906-2+deb7u1","repositories":{"jessie":"1:0.3.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.2.906-2+deb7u1","repositories":{"sid":"1:0.6.0-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1307":{"scope":"remote","description":"Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.","releases":{"buster":{"fixed_version":"2.5.13-1","repositories":{"buster":"2.6.19-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.13-1","repositories":{"stretch":"2.6.19-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.13-1","repositories":{"jessie":"2.6.19-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.13-1","repositories":{"sid":"2.6.19-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0738":{"scope":"remote","description":"MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"&={script}\" syntax.","releases":{"buster":{"fixed_version":"2.5.11-1","repositories":{"buster":"2.6.19-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.11-1","repositories":{"stretch":"2.6.19-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.11-1","repositories":{"jessie":"2.6.19-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.11-1","repositories":{"sid":"2.6.19-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1677":{"scope":"remote","description":"MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.","releases":{"buster":{"fixed_version":"2.6.18-1","repositories":{"buster":"2.6.19-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.18-1","repositories":{"stretch":"2.6.19-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.18-1","repositories":{"jessie":"2.6.19-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.18-1","repositories":{"sid":"2.6.19-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1388":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.","releases":{"buster":{"fixed_version":"2.5.14-1","repositories":{"buster":"2.6.19-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.14-1","repositories":{"stretch":"2.6.19-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.14-1","repositories":{"jessie":"2.6.19-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.14-1","repositories":{"sid":"2.6.19-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4524":{"debianbug":607693,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and <\/scr<body>ipt> sequences.","releases":{"buster":{"fixed_version":"2.6.18-1","repositories":{"buster":"2.6.19-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.18-1","repositories":{"stretch":"2.6.19-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.18-1","repositories":{"jessie":"2.6.19-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.18-1","repositories":{"sid":"2.6.19-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4223":{"debianbug":684619,"scope":"remote","description":"The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.","releases":{"buster":{"fixed_version":"1:1.11-2","repositories":{"buster":"1:2.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.11-2","repositories":{"stretch":"1:1.13-1.2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.11-2","repositories":{"jessie":"1:1.13-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.11-2","repositories":{"sid":"1:2.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1313":{"scope":"local","description":"nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.","releases":{"buster":{"fixed_version":"1.00RC5-17","repositories":{"buster":"1:2.2-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.00RC5-17","repositories":{"stretch":"1:1.13-1.2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.00RC5-17","repositories":{"jessie":"1:1.13-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.00RC5-17","repositories":{"sid":"1:2.2-3"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0500611-22A0F0":{"debianbug":500611,"releases":{"buster":{"fixed_version":"1.50+dfsg1-1","repositories":{"buster":"1.60-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.50+dfsg1-1","repositories":{"stretch":"1.51+dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.50+dfsg1-1","repositories":{"jessie":"1.51+dfsg1-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.50+dfsg1-1","repositories":{"sid":"1.60-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-13791":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7048":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2392":{"scope":"remote","description":"An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13788":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7046":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13785":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2394":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2395":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2396":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13783":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13784":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7049":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7161":{"scope":"remote","description":"An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7040":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7160":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7165":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7043":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7042":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7041":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4199":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4197":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4191":{"scope":"remote","description":"A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4192":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.","releases":{"buster":{"fixed_version":"2.20.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4190":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7059":{"scope":"remote","description":"A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7056":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8607":{"releases":{"buster":{"repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-7055":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7052":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4165":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4162":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4284":{"scope":"remote","description":"A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4163":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4161":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8615":{"releases":{"buster":{"repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-13884":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13885":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7061":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7064":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2508":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4299":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7656":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8503":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8506":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7654":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2504":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6201":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7652":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2505":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2506":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13870":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2356":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6215":{"scope":"remote","description":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8515":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7645":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6216":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7642":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6217":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7640":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7641":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6212":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2470":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2471":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2350":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7648":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8518":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7649":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2475":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames on a web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7006":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2354":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7646":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2476":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2355":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4309":{"scope":"remote","description":"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17821":{"scope":"remote","description":"WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.","releases":{"buster":{"repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-4306":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7120":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4314":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4311":{"scope":"remote","description":"The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4312":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6226":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6227":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2369":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6229":{"scope":"remote","description":"A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.","releases":{"buster":{"fixed_version":"2.22.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7632":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8524":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8523":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-2481":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7639":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7012":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2362":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7019":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit Page Loading\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2363":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2364":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7018":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2365":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7635":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12911":{"scope":"remote","description":"WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2366":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4319":{"scope":"remote","description":"A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4438":{"scope":"remote","description":"A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4317":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7011":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4318":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4315":{"scope":"remote","description":"A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4316":{"scope":"remote","description":"A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4437":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4590":{"scope":"remote","description":"WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.","releases":{"buster":{"fixed_version":"2.12.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.12.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.12.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4089":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4088":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8536":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7623":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6233":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4591":{"scope":"remote","description":"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.","releases":{"buster":{"fixed_version":"2.12.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.12.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.12.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6234":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.","releases":{"buster":{"fixed_version":"2.22.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8535":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-2371":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2373":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2496":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2376":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2377":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7096":{"scope":"remote","description":"WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.","releases":{"buster":{"fixed_version":"2.10.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.5-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.10.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7098":{"scope":"remote","description":"WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.","releases":{"buster":{"fixed_version":"2.10.5-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.5-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.10.5-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7142":{"scope":"remote","description":"An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7020":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7611":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4096":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7610":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8544":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-7037":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13798":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7157":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7156":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13796":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6980":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7034":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13794":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2386":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13795":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13792":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7039":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6984":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13793":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7038":{"scope":"remote","description":"A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4416":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7153":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect.","releases":{"buster":{"fixed_version":"2.18.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.6-1~deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7030":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6251":{"scope":"remote","description":"WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.","releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8551":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-4345":{"scope":"remote","description":"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4464":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4222":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4101":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8559":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-2433":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8558":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-4692":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000121":{"scope":"remote","description":"The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000122":{"scope":"remote","description":"The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4358":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4113":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the \"WebKit\" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4114":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8563":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-4232":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to overwrite cookies via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4233":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2445":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2446":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2447":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2442":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit JavaScript Bindings\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4119":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4117":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4359":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4118":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4204":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4443":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4201":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.1-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.1-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4323":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4441":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4442":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4200":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.","releases":{"buster":{"fixed_version":"2.20.2-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2455":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2457":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7109":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2459":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11713":{"scope":"remote","description":"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7102":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7100":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7107":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11712":{"scope":"remote","description":"WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.","releases":{"buster":{"fixed_version":"2.20.2-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2454":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7104":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4209":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4328":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13802":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4207":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13803":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4208":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4214":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4212":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4213":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4210":{"scope":"remote","description":"In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2466":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2468":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2469":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2460":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7111":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7117":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2464":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2465":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4218":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8595":{"releases":{"buster":{"repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-4146":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4267":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4386":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7091":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4265":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4266":{"scope":"remote","description":"A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7090":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4263":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4264":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4382":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2510":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.","releases":{"buster":{"fixed_version":"2.16.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4261":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4262":{"scope":"remote","description":"In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2514":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2515":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7089":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7081":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7087":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13866":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7592":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4278":{"scope":"remote","description":"In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4272":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2521":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4273":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7598":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4270":{"scope":"remote","description":"A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7599":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4271":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.","releases":{"buster":{"fixed_version":"2.20.2-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4392":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2525":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2526":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2405":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2528":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7095":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7094":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7093":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7092":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7099":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7098":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13856":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7096":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.18.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.18.1-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.18.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-7285":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-2419":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8375":{"scope":"remote","description":"The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).","releases":{"buster":{"repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-4127":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12293":{"scope":"remote","description":"The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4125":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4246":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages type confusion.","releases":{"buster":{"fixed_version":"2.20.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12294":{"scope":"remote","description":"WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.","releases":{"buster":{"fixed_version":"2.20.2-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.2-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4122":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4120":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4121":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7589":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4361":{"scope":"remote","description":"A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7587":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2536":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2415":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"","releases":{"buster":{"fixed_version":"2.14.6-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.6-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.6-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7586":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2538":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.6-0+deb9u1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2539":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2530":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2531":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4128":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4129":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4378":{"scope":"remote","description":"A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4133":{"scope":"remote","description":"An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the \"WebKit\" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.","releases":{"buster":{"fixed_version":"2.20.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4375":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-7292":{"releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-4376":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4373":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.0-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.0-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-4372":{"scope":"remote","description":"Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.","releases":{"buster":{"fixed_version":"2.22.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.22.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2544":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2424":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2547":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2549":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading.","releases":{"buster":{"fixed_version":"2.16.3-2","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.16.3-2","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.16.3-2","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4743":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4622":{"scope":"remote","description":"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.","releases":{"buster":{"fixed_version":"2.12.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.12.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.12.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4624":{"scope":"remote","description":"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.","releases":{"buster":{"fixed_version":"2.12.4-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.12.4-1","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.12.4-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11646":{"scope":"remote","description":"webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.","releases":{"buster":{"fixed_version":"2.20.3-1","repositories":{"buster":"2.24.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.20.3-1","repositories":{"sid":"2.24.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11070":{"scope":"remote","description":"WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.","releases":{"buster":{"fixed_version":"2.24.1-1","repositories":{"buster":"2.24.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Not covered by security support in stretch","repositories":{"stretch":"2.18.6-1~deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Not covered by security support in jessie","repositories":{"jessie":"2.6.2+dfsg1-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.24.1-1","repositories":{"sid":"2.24.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0283":{"debianbug":781346,"scope":"remote","description":"The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.","releases":{"buster":{"fixed_version":"0.54.2-1","repositories":{"buster":"0.56.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.54.2-1","repositories":{"stretch":"0.56.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.54.2-1","repositories":{"jessie":"0.54.2-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.54.2-1","repositories":{"sid":"0.56.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000052":{"debianbug":890033,"scope":"remote","description":"fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.","releases":{"buster":{"fixed_version":"5.2.1+ds-1","repositories":{"buster":"5.2.1+ds-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.2.1+ds-1","repositories":{"sid":"5.2.1+ds-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0288":{"debianbug":690319,"scope":"remote","description":"nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.","releases":{"buster":{"fixed_version":"0.8.10-3","repositories":{"buster":"0.9.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.10-3","repositories":{"stretch":"0.9.7-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.10-3","repositories":{"jessie":"0.9.4-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.10-3","repositories":{"sid":"0.9.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0438":{"scope":"remote","description":"nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.9.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.9.7-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.4-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.9.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9525":{"debianbug":864466,"scope":"local","description":"In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.","releases":{"buster":{"fixed_version":"3.0pl1-129","repositories":{"buster":"3.0pl1-133"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.0pl1-127+deb8u2","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0pl1-129","repositories":{"sid":"3.0pl1-133"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2607":{"debianbug":85609,"scope":"local","description":"do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.","releases":{"buster":{"fixed_version":"3.0pl1-64","repositories":{"buster":"3.0pl1-133"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0pl1-64","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0pl1-64","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0pl1-64","repositories":{"sid":"3.0pl1-133"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-1073":{"scope":"local","description":"crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9706":{"debianbug":809167,"scope":"local","description":"Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error.","releases":{"buster":{"fixed_version":"3.0pl1-133","repositories":{"buster":"3.0pl1-133"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue, will be fixed via point update","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.0pl1-127+deb8u2","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0pl1-133","repositories":{"sid":"3.0pl1-133"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-1856":{"scope":"local","description":"Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9705":{"scope":"local","description":"Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.","releases":{"buster":{"fixed_version":"3.0pl1-133","repositories":{"buster":"3.0pl1-133"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, will be fixed via point update","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.0pl1-127+deb8u2","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0pl1-133","repositories":{"sid":"3.0pl1-133"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9704":{"scope":"local","description":"Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.","releases":{"buster":{"fixed_version":"3.0pl1-133","repositories":{"buster":"3.0pl1-133"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, will be fixed via point update","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.0pl1-127+deb8u2","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0pl1-133","repositories":{"sid":"3.0pl1-133"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1074":{"scope":"local","description":"crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0424":{"scope":"local","description":"The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0pl1-133"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0528434-FDFF92":{"debianbug":528434,"releases":{"buster":{"fixed_version":"3.0pl1-106","repositories":{"buster":"3.0pl1-133"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0pl1-106","repositories":{"stretch":"3.0pl1-128+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0pl1-106","repositories":{"jessie":"3.0pl1-127+deb8u1","jessie-security":"3.0pl1-127+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0pl1-106","repositories":{"sid":"3.0pl1-133"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1295":{"scope":"local","description":"The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"20070815.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"20070815.1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"20070815-1.4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"20070815.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1000637":{"debianbug":902936,"scope":"remote","description":"zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.","releases":{"buster":{"fixed_version":"1.7-3","repositories":{"buster":"1.8-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5-5+deb9u1","repositories":{"stretch":"1.5-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3-4+deb8u1","repositories":{"jessie":"1.3-4","jessie-security":"1.3-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7-3","repositories":{"sid":"1.8-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0686":{"debianbug":298621,"scope":"remote","description":"Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.","releases":{"buster":{"fixed_version":"2.9.2","repositories":{"buster":"3.8.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.9.2","repositories":{"stretch":"3.5.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.9.2","repositories":{"jessie":"3.3.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.9.2","repositories":{"sid":"3.8.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1888":{"debianbug":441233,"scope":"remote","description":"Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter.  NOTE: some PHP installations use a bundled version of sqlite without this vulnerability.  The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.","releases":{"buster":{"fixed_version":"2.8.17-2.1","repositories":{"buster":"2.8.17-15"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.17-2.1","repositories":{"stretch":"2.8.17-14"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.17-2.1","repositories":{"jessie":"2.8.17-12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.17-2.1","repositories":{"sid":"2.8.17-15"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2575":{"debianbug":482853,"scope":"remote","description":"cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.","releases":{"stretch":{"fixed_version":"0.9.17-1","repositories":{"stretch":"0.9.22-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.17-1","repositories":{"jessie":"0.9.22-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6802":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12141":{"debianbug":870815,"scope":"remote","description":"In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6800":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6305":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"8 of 9. Out of Bounds read and write.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6801":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6306":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6299":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6300":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-5109":{"debianbug":705468,"scope":"remote","description":"Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1.5-5","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5-5","repositories":{"stretch":"1.9.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5-5","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5-5","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6298":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"1 of 9. Null Pointer Deref / calloc return value not checked.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6303":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"6 of 9. Invalid Write and Integer Overflow.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12144":{"debianbug":870817,"scope":"remote","description":"In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9058":{"debianbug":862556,"scope":"remote","description":"In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.","releases":{"buster":{"fixed_version":"1.9.2-2","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-2","repositories":{"stretch":"1.9.2-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.2-2","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9146":{"debianbug":862707,"scope":"remote","description":"The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed via a point update","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue, can be fixed via a point update","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6304":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"7 of 9. Out of Bounds read.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6301":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"4 of 9. Out of Bounds Reads.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12142":{"debianbug":870816,"scope":"remote","description":"In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6302":{"scope":"remote","description":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"5 of 9. Integer Overflow.\"","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"1.9.2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-6+deb8u1","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9472":{"debianbug":870193,"scope":"remote","description":"In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9473":{"debianbug":870197,"scope":"remote","description":"In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9474":{"debianbug":870192,"scope":"remote","description":"In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9470":{"debianbug":870196,"scope":"remote","description":"In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9471":{"debianbug":870194,"scope":"remote","description":"In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.9.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.5-6+deb8u1","jessie-security":"1.5-6+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.9.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0859":{"scope":"remote","description":"The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.","releases":{"buster":{"fixed_version":"2.6.11-2","repositories":{"buster":"2.7.3-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.11-2","repositories":{"stretch":"2.6.11-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.9-1+deb8u1","repositories":{"jessie":"2.6.9-1+deb8u1","jessie-security":"2.6.9-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.11-2","repositories":{"sid":"2.7.3-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4158":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.7.3-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.11-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.6.9-1+deb8u1","jessie-security":"2.6.9-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.7.3-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4168":{"releases":{"buster":{"fixed_version":"2.6.8-2","repositories":{"buster":"2.7.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.8-2","repositories":{"stretch":"2.6.11-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.8-2","repositories":{"jessie":"2.6.9-1+deb8u1","jessie-security":"2.6.9-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.8-2","repositories":{"sid":"2.7.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0790":{"debianbug":659899,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.","releases":{"buster":{"fixed_version":"2.6.8-2","repositories":{"buster":"2.7.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.8-2","repositories":{"stretch":"2.6.11-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.8-2","repositories":{"jessie":"2.6.9-1+deb8u1","jessie-security":"2.6.9-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.8-2","repositories":{"sid":"2.7.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0302454-1EA4A5":{"debianbug":302454,"releases":{"buster":{"fixed_version":"1.1.1-1","repositories":{"buster":"1.3.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.1.1-1","repositories":{"sid":"1.3.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-5617":{"debianbug":853134,"scope":"remote","description":"The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.","releases":{"buster":{"fixed_version":"1.1.1+dfsg-2","repositories":{"buster":"1.1.1+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.1+dfsg-2","repositories":{"stretch":"1.1.1+dfsg-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0~svn95-1+deb8u1","repositories":{"jessie":"0~svn95-1+deb8u1","jessie-security":"0~svn95-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.1+dfsg-2","repositories":{"sid":"1.1.1+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0253":{"debianbug":701991,"scope":"remote","description":"The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.","releases":{"stretch":{"fixed_version":"2.2-3+nmu1","repositories":{"stretch":"2.10-6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2-3+nmu1","repositories":{"jessie":"2.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0856":{"debianbug":803336,"scope":"local","description":"daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.","releases":{"buster":{"fixed_version":"0.12.0-5","repositories":{"buster":"0.18.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.12.0-5","repositories":{"stretch":"0.14.0-4+deb9u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.12.0-5","repositories":{"sid":"0.18.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14345":{"scope":"remote","description":"An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.","releases":{"buster":{"fixed_version":"0.18.0-1","repositories":{"buster":"0.18.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.14.0-4+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.18.0-1","repositories":{"sid":"0.18.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7271":{"scope":"local","description":"Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user \"sddm\" without authentication.","releases":{"buster":{"fixed_version":"0.11.0-2","repositories":{"buster":"0.18.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.11.0-2","repositories":{"stretch":"0.14.0-4+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.11.0-2","repositories":{"sid":"0.18.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7272":{"scope":"local","description":"Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).","releases":{"buster":{"fixed_version":"0.11.0-2","repositories":{"buster":"0.18.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.11.0-2","repositories":{"stretch":"0.14.0-4+deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.11.0-2","repositories":{"sid":"0.18.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1397":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.","releases":{"buster":{"fixed_version":"1.0-6","repositories":{"buster":"1.2.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0-6","repositories":{"stretch":"1.0.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-6","repositories":{"jessie":"1.0.5-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0-6","repositories":{"sid":"1.2.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8341":{"scope":"remote","description":"An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the \"source\" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI.","releases":{"buster":{"repositories":{"buster":"2.10-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.7.3-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.10-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10745":{"scope":"remote","description":"In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.","releases":{"buster":{"fixed_version":"2.9.4-1","repositories":{"buster":"2.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.8-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.7.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.9.4-1","repositories":{"sid":"2.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10906":{"debianbug":926602,"scope":"remote","description":"In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.","releases":{"buster":{"fixed_version":"2.10-2","repositories":{"buster":"2.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.8-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.7.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.10-2","repositories":{"sid":"2.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0012":{"debianbug":734956,"scope":"local","description":"FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.","releases":{"buster":{"fixed_version":"2.7.2-2","repositories":{"buster":"2.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.2-2","repositories":{"stretch":"2.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.2-2","repositories":{"jessie":"2.7.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.2-2","repositories":{"sid":"2.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1402":{"debianbug":734747,"scope":"local","description":"The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.","releases":{"buster":{"fixed_version":"2.7.2-1","repositories":{"buster":"2.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.2-1","repositories":{"stretch":"2.8-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.2-1","repositories":{"jessie":"2.7.3-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.2-1","repositories":{"sid":"2.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2120":{"debianbug":668779,"scope":"local","description":"latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"2012.20130315-1","repositories":{"buster":"2018.20190227-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2012.20130315-1","repositories":{"stretch":"2016.20170123-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2012.20130315-1","repositories":{"jessie":"2014.20141024-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2012.20130315-1","repositories":{"sid":"2018.20190227-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6129":{"debianbug":837042,"scope":"remote","description":"The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.","releases":{"buster":{"fixed_version":"1.17-8","repositories":{"buster":"1.18.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.17-8","repositories":{"stretch":"1.17-9"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.17-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.17-8","repositories":{"sid":"1.18.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12437":{"debianbug":901626,"scope":"local","description":"LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.","releases":{"buster":{"fixed_version":"1.18.2-1","repositories":{"buster":"1.18.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.17-9"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.17-6"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.18.2-1","repositories":{"sid":"1.18.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-0739":{"scope":"remote","description":"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).","releases":{"buster":{"fixed_version":"1.18.2-1","repositories":{"buster":"1.18.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.17-9"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.17-6"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.18.2-1","repositories":{"sid":"1.18.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1000211":{"debianbug":903980,"scope":"remote","description":"Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.","releases":{"buster":{"fixed_version":"4.4.2-1","repositories":{"buster":"4.4.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.2.0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.4.2-1","repositories":{"sid":"4.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000088":{"debianbug":891069,"scope":"remote","description":"Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.","releases":{"buster":{"fixed_version":"4.3.1-1","repositories":{"buster":"4.4.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.2.0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.3.1-1","repositories":{"sid":"4.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6582":{"debianbug":834843,"scope":"remote","description":"The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.","releases":{"buster":{"fixed_version":"4.2.0-3","repositories":{"buster":"4.4.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.0-3","repositories":{"stretch":"4.2.0-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.0-3","repositories":{"sid":"4.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7572":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7573":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7574":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7638":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7635":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7636":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7637":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7575":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7576":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-2888":{"debianbug":878264,"scope":"remote","description":"An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.0.6+dfsg1-4","repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.0.6+dfsg1-4","repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7577":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7578":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.5+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"2.0.2+dfsg1-6","jessie-security":"2.0.2+dfsg1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"2.0.9+dfsg1-1"},"urgency":"medium**","status":"open"}}}}
{"TEMP-0358139-D2A6EE":{"debianbug":358139,"releases":{"buster":{"fixed_version":"0.8.7-1","repositories":{"buster":"0.9.6-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.7-1","repositories":{"stretch":"0.9.5-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.7-1","repositories":{"jessie":"0.9.4-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.7-1","repositories":{"sid":"0.9.6-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4443":{"scope":"local","description":"Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.9.6-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.9.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.4-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.9.6-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1716":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"4.3.7-1","repositories":{"buster":"4.3.28-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.7-1","repositories":{"stretch":"4.3.28-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.7-1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.7-1","repositories":{"sid":"4.3.28-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2058":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page.","releases":{"buster":{"fixed_version":"4.3.25-1","repositories":{"buster":"4.3.28-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.3.25-1","repositories":{"stretch":"4.3.28-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-6+deb8u1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.25-1","repositories":{"sid":"4.3.28-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2054":{"scope":"remote","description":"Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a \"config\" command.","releases":{"buster":{"fixed_version":"4.3.25-1","repositories":{"buster":"4.3.28-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.3.25-1","repositories":{"stretch":"4.3.28-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-6+deb8u1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.25-1","repositories":{"sid":"4.3.28-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2055":{"scope":"remote","description":"xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a \"config\" command.","releases":{"buster":{"fixed_version":"4.3.25-1","repositories":{"buster":"4.3.28-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.25-1","repositories":{"stretch":"4.3.28-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-6+deb8u1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.25-1","repositories":{"sid":"4.3.28-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2056":{"scope":"remote","description":"xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.","releases":{"buster":{"fixed_version":"4.3.25-1","repositories":{"buster":"4.3.28-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.25-1","repositories":{"stretch":"4.3.28-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-6+deb8u1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.25-1","repositories":{"sid":"4.3.28-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2057":{"scope":"local","description":"lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.","releases":{"buster":{"fixed_version":"4.3.25-1","repositories":{"buster":"4.3.28-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.3.25-1","repositories":{"stretch":"4.3.28-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-6+deb8u1","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.25-1","repositories":{"sid":"4.3.28-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4173":{"debianbug":717895,"scope":"remote","description":"Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a \"drophost\" command.","releases":{"buster":{"fixed_version":"4.3.17-2","repositories":{"buster":"4.3.28-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.17-2","repositories":{"stretch":"4.3.28-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.17-2","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.17-2","repositories":{"sid":"4.3.28-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1430":{"debianbug":776007,"scope":"remote","description":"Buffer overflow in xymon 4.3.17-1.","releases":{"buster":{"fixed_version":"4.3.17-5","repositories":{"buster":"4.3.28-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.3.17-5","repositories":{"stretch":"4.3.28-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.3.17-5","repositories":{"jessie":"4.3.17-6+deb8u1","jessie-security":"4.3.17-6+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.17-5","repositories":{"sid":"4.3.28-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20536":{"debianbug":924614,"scope":"remote","description":"There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.8.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.1-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.8.1-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-20537":{"debianbug":924614,"scope":"remote","description":"There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.8.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.1-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.8.1-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-20539":{"debianbug":924614,"scope":"remote","description":"There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.8.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.1-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.8.1-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-20540":{"debianbug":922459,"scope":"remote","description":"There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.","releases":{"buster":{"fixed_version":"1.8.1-10","repositories":{"buster":"1.8.1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.1-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.8.1-10","repositories":{"sid":"1.8.1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0172":{"scope":"local","description":"Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename.  NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.7.3-6.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.7.3-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.3-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.7.3-6.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6706":{"debianbug":920321,"scope":"remote","description":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.0.3-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.0.3-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.0.3-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.0.3-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8397":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-8396":{"scope":"remote","description":"A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka \"Invalid write of size 2.\"","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2019-8398":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2016-4331":{"debianbug":845301,"scope":"local","description":"When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.","releases":{"buster":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.13+docs-15+deb8u1","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4332":{"debianbug":845301,"scope":"local","description":"The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.","releases":{"buster":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.13+docs-15+deb8u1","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4333":{"debianbug":845301,"scope":"local","description":"The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it.","releases":{"buster":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.13+docs-15+deb8u1","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4330":{"debianbug":845301,"scope":"local","description":"In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.","releases":{"buster":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.13+docs-15+deb8u1","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.0-patch1+docs-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17507":{"debianbug":915807,"scope":"remote","description":"In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","releases":{"buster":{"nodsa":"Minor issue, requires ABI change","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2017-17508":{"debianbug":884365,"scope":"remote","description":"In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17509":{"debianbug":884365,"scope":"remote","description":"In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13876":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-17438":{"scope":"remote","description":"A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-13873":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-17439":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13872":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-17436":{"scope":"remote","description":"ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13875":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13874":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-17437":{"scope":"remote","description":"Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-17434":{"scope":"remote","description":"A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-17435":{"scope":"remote","description":"A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-17237":{"scope":"remote","description":"A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-17432":{"scope":"remote","description":"A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13871":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2017-17505":{"debianbug":884365,"scope":"remote","description":"In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17234":{"scope":"remote","description":"Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2018-17433":{"scope":"remote","description":"A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13870":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2017-17506":{"debianbug":884365,"scope":"remote","description":"In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15671":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14460":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-16438":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14031":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-17233":{"scope":"remote","description":"A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"open"}}}}
{"CVE-2019-9152":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-9151":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-11207":{"scope":"remote","description":"A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13869":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-11203":{"scope":"remote","description":"A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13866":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-11204":{"scope":"remote","description":"A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11205":{"scope":"remote","description":"A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13868":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-11206":{"scope":"remote","description":"An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13867":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-11202":{"scope":"remote","description":"A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.","releases":{"buster":{"fixed_version":"1.10.4+repack-1","repositories":{"buster":"1.10.4+repack-10"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.4+repack-1","repositories":{"sid":"1.10.4+repack-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14034":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14033":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14035":{"scope":"remote","description":"An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.","releases":{"buster":{"repositories":{"buster":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.10.0-patch1+docs-3+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.8.13+docs-15+deb8u1","jessie-security":"1.8.13+docs-15+deb8u1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"1.10.4+repack-10"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2013-1802":{"debianbug":697895,"scope":"remote","description":"The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.","releases":{"buster":{"fixed_version":"0.9.15-3","repositories":{"buster":"0.9.16-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.15-3","repositories":{"stretch":"0.9.16-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.15-3","repositories":{"jessie":"0.9.15-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.15-3","repositories":{"sid":"0.9.16-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10672":{"debianbug":866676,"scope":"remote","description":"Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.","releases":{"buster":{"fixed_version":"2.0128+dfsg-5","repositories":{"buster":"2.0134+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0128+dfsg-1+deb9u1","repositories":{"stretch-security":"2.0128+dfsg-1+deb9u1","stretch":"2.0128+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0116+dfsg-1+deb8u2","repositories":{"jessie":"2.0116+dfsg-1+deb8u2","jessie-security":"2.0116+dfsg-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0128+dfsg-5","repositories":{"sid":"2.0134+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3451":{"debianbug":783443,"scope":"remote","description":"The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.","releases":{"buster":{"fixed_version":"2.0116+dfsg-2","repositories":{"buster":"2.0134+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0116+dfsg-2","repositories":{"stretch-security":"2.0128+dfsg-1+deb9u1","stretch":"2.0128+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0116+dfsg-1+deb8u1","repositories":{"jessie":"2.0116+dfsg-1+deb8u2","jessie-security":"2.0116+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0116+dfsg-2","repositories":{"sid":"2.0134+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8697":{"debianbug":808730,"scope":"local","description":"stalin 0.11-5 allows local users to write to arbitrary files.","releases":{"buster":{"repositories":{"buster":"0.11-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.11-6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.11-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.11-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-2104":{"scope":"remote","description":"python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.","releases":{"buster":{"fixed_version":"1:0.2.5-1","repositories":{"buster":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.2.5-1","repositories":{"stretch":"1:3.2.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.2.5-1","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.2.5-1","repositories":{"sid":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2166":{"debianbug":713819,"releases":{"buster":{"fixed_version":"1:0.2.5-2","repositories":{"buster":"1:3.17.0-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:0.2.5-2","repositories":{"stretch":"1:3.2.0-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:0.2.5-2","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:0.2.5-2","repositories":{"sid":"1:3.17.0-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-2167":{"debianbug":713819,"releases":{"buster":{"fixed_version":"1:0.2.5-2","repositories":{"buster":"1:3.17.0-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:0.2.5-2","repositories":{"stretch":"1:3.2.0-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:0.2.5-2","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:0.2.5-2","repositories":{"sid":"1:3.17.0-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-7144":{"debianbug":762748,"scope":"remote","description":"OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.","releases":{"buster":{"fixed_version":"1:0.10.1-2","repositories":{"buster":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.10.1-2","repositories":{"stretch":"1:3.2.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.10.1-2","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.10.1-2","repositories":{"sid":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2013":{"debianbug":709535,"scope":"local","description":"The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.","releases":{"buster":{"fixed_version":"1:0.2.5-1","repositories":{"buster":"1:3.17.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:0.2.5-1","repositories":{"stretch":"1:3.2.0-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:0.2.5-1","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:0.2.5-1","repositories":{"sid":"1:3.17.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-1852":{"debianbug":783164,"scope":"remote","description":"The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the \"insecure\" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.","releases":{"buster":{"fixed_version":"1:1.3.0-2","repositories":{"buster":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.3.0-2","repositories":{"stretch":"1:3.2.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.10.1-2+deb8u1","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.3.0-2","repositories":{"sid":"1:3.17.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0105":{"debianbug":742898,"scope":"remote","description":"The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an \"interaction between eventlet and python-memcached.\"","releases":{"buster":{"fixed_version":"1:0.6.0-4","repositories":{"buster":"1:3.17.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.6.0-4","repositories":{"stretch":"1:3.2.0-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.6.0-4","repositories":{"jessie":"1:0.10.1-2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.6.0-4","repositories":{"sid":"1:3.17.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0233":{"scope":"local","description":"Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.","releases":{"stretch":{"fixed_version":"1.1.38-1","repositories":{"stretch":"1.1.43-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1.1.35-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-4422":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.5.2-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.2-13"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.2-12.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.2-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1067":{"debianbug":900323,"scope":"remote","description":"In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.","releases":{"sid":{"fixed_version":"1.4.25-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2670":{"debianbug":864405,"scope":"remote","description":"It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.","releases":{"sid":{"fixed_version":"1.4.18-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12165":{"debianbug":885338,"scope":"remote","description":"It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.","releases":{"sid":{"repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-14642":{"debianbug":911796,"scope":"remote","description":"An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.","releases":{"sid":{"repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-12196":{"scope":"remote","description":"undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.","releases":{"sid":{"fixed_version":"1.4.25-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2666":{"debianbug":864405,"scope":"remote","description":"It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","releases":{"sid":{"fixed_version":"1.4.18-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4993":{"scope":"remote","description":"CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.","releases":{"sid":{"fixed_version":"1.4.3-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7559":{"debianbug":885576,"scope":"remote","description":"In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","releases":{"sid":{"fixed_version":"1.4.23-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7816":{"scope":"remote","description":"Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1.4.25-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7046":{"debianbug":838600,"scope":"remote","description":"Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.","releases":{"sid":{"fixed_version":"1.4.3-1","repositories":{"sid":"1.4.25-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1048":{"debianbug":891928,"scope":"remote","description":"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.","releases":{"sid":{"fixed_version":"1.4.22-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1114":{"debianbug":897247,"scope":"remote","description":"It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.","releases":{"sid":{"fixed_version":"1.4.25-1","repositories":{"sid":"1.4.25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8373":{"scope":"remote","description":"The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5739":{"scope":"remote","description":"An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1187":{"releases":{"buster":{"fixed_version":"3.0.4+bzr855-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.4+bzr855-1","repositories":{"stretch":"3.5.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0.4+bzr855-1","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0.4+bzr855-1","repositories":{"sid":"3.6-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3920":{"scope":"remote","description":"Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to \"recreate\" and \"hijack\" existing accounts via unspecified vectors.","releases":{"buster":{"fixed_version":"1.2.2-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-1","repositories":{"stretch":"3.5.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-1","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-1","repositories":{"sid":"3.6-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5668":{"debianbug":853282,"scope":"remote","description":"bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-10189.","releases":{"buster":{"fixed_version":"3.5.1-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.5.1-1","repositories":{"stretch":"3.5.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.5.1-1","repositories":{"sid":"3.6-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10189":{"scope":"remote","description":"BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.","releases":{"buster":{"fixed_version":"3.5-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5-1","repositories":{"stretch":"3.5.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.2-2+deb8u1","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5-1","repositories":{"sid":"3.6-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10188":{"scope":"remote","description":"Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.","releases":{"buster":{"fixed_version":"3.5-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.5-1","repositories":{"stretch":"3.5.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.2.2-2+deb8u1","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.5-1","repositories":{"sid":"3.6-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3969":{"debianbug":498159,"scope":"remote","description":"Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to \"overwrite\" and \"hijack\" existing accounts via unknown vectors related to \"inconsistent handling of the USTATUS_IDENTIFIED state.\" NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"3.5.1-1.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch":"3.5.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"3.2.2-2+deb8u1","jessie-security":"3.2.2-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"3.6-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0849":{"debianbug":790365,"releases":{"buster":{"fixed_version":"1:1.0-1","repositories":{"buster":"1:1.02+git20181006-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.0-1","repositories":{"stretch":"1:1.02-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"20120614+git+b041dd2-7"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:1.0-1","repositories":{"sid":"1:1.02+git20181006-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9640":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9024":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9023":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9675":{"scope":"remote","description":"** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: \"This issue allows theoretical compromise of security, but a practical attack is usually impossible.\"","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9641":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9025":{"scope":"remote","description":"An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19396":{"scope":"remote","description":"ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11035":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.","releases":{"buster":{"fixed_version":"7.3.4-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.4-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9020":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11036":{"debianbug":928421,"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"buster":{"repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-19395":{"scope":"remote","description":"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(\"WScript.Shell\").","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9022":{"scope":"remote","description":"An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.","releases":{"buster":{"fixed_version":"7.3.2-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.2-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9021":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11034":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"buster":{"fixed_version":"7.3.4-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.4-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9637":{"scope":"remote","description":"An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17082":{"scope":"remote","description":"The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.","releases":{"buster":{"fixed_version":"7.3.0~rc2-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.0~rc2-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9639":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9638":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.","releases":{"buster":{"fixed_version":"7.3.3-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.3-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6977":{"debianbug":920645,"scope":"remote","description":"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.","releases":{"buster":{"fixed_version":"7.3.1-1","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.3.1-1","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20783":{"scope":"remote","description":"In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.","releases":{"buster":{"fixed_version":"7.3.0-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.0-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-9253":{"scope":"remote","description":"An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"7.3.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"7.3.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19518":{"debianbug":913775,"scope":"remote","description":"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.","releases":{"buster":{"fixed_version":"7.3.0-1","repositories":{"buster":"7.3.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"7.3.0-1","repositories":{"sid":"7.3.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19935":{"scope":"remote","description":"ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.","releases":{"buster":{"fixed_version":"7.3.0-1","repositories":{"buster":"7.3.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"7.3.0-1","repositories":{"sid":"7.3.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0537":{"scope":"local","description":"The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.","releases":{"buster":{"fixed_version":"2.0+0.20030527cvs-1","repositories":{"buster":"2.0+0.20030527cvs-12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0+0.20030527cvs-1","repositories":{"stretch":"2.0+0.20030527cvs-11.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0+0.20030527cvs-1","repositories":{"jessie":"2.0+0.20030527cvs-11.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0+0.20030527cvs-1","repositories":{"sid":"2.0+0.20030527cvs-12"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12268":{"debianbug":901572,"scope":"remote","description":"acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"0.2.1-3"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-1000047":{"debianbug":869702,"scope":"remote","description":"rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.1.1-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.0-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.0+debian1-3"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.1.1-1"},"urgency":"high**","status":"open"}}}}
{"CVE-2018-20348":{"scope":"local","description":"libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.","releases":{"buster":{"fixed_version":"20180714-1","repositories":{"buster":"20180714-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"20120802-5"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"20120802-2"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"20180714-1","repositories":{"sid":"20180714-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-11723":{"debianbug":901967,"scope":"local","description":"** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub.","releases":{"buster":{"fixed_version":"20180714-1","repositories":{"buster":"20180714-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"20120802-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"20120802-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"20180714-1","repositories":{"sid":"20180714-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5934":{"scope":"remote","description":"The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.","releases":{"buster":{"fixed_version":"2.5.0b2-1","repositories":{"buster":"2.5.0b5-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.0b2-1","repositories":{"stretch":"2.5.0b5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.0b2-1","repositories":{"jessie":"2.5.0b5-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0b2-1","repositories":{"sid":"2.5.0b5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5711":{"debianbug":887485,"scope":"remote","description":"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9640":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9641":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11035":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.","releases":{"stretch":{"nodsa":"Fix along in future update","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"}}}}
{"CVE-2019-11036":{"debianbug":928421,"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"stretch":{"nodsa":"Fix along in future update","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"}}}}
{"CVE-2019-11034":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"stretch":{"nodsa":"Fix along in future update","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"}}}}
{"CVE-2016-7568":{"debianbug":839659,"scope":"remote","description":"Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.","releases":{"stretch":{"fixed_version":"7.0.12-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5385":{"scope":"remote","description":"PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11362":{"scope":"remote","description":"In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.","releases":{"stretch":{"fixed_version":"7.0.22-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2554":{"scope":"remote","description":"Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.","releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1904":{"scope":"remote","description":"Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"7.0.2-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1903":{"debianbug":835032,"scope":"remote","description":"The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.","releases":{"stretch":{"fixed_version":"7.0.2-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8880":{"scope":"remote","description":"Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.","releases":{"stretch":{"fixed_version":"7.0.1-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5712":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8879":{"scope":"remote","description":"The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.","releases":{"stretch":{"fixed_version":"7.0.0-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5093":{"scope":"remote","description":"The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.","releases":{"stretch":{"fixed_version":"7.0.7-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8877":{"scope":"remote","description":"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.","releases":{"stretch":{"fixed_version":"7.0.0-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5773":{"scope":"remote","description":"php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5772":{"scope":"remote","description":"Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3078":{"scope":"remote","description":"Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3074":{"debianbug":822242,"scope":"remote","description":"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5771":{"scope":"remote","description":"spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5770":{"scope":"remote","description":"Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9118":{"scope":"remote","description":"PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.","releases":{"stretch":{"repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9119":{"scope":"remote","description":"The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.","releases":{"stretch":{"repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7584":{"scope":"remote","description":"In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14851":{"scope":"remote","description":"exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16642":{"scope":"remote","description":"In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8876":{"scope":"remote","description":"Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.","releases":{"stretch":{"fixed_version":"7.0.0-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8994":{"scope":"remote","description":"An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (\"opcode\" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.","releases":{"stretch":{"fixed_version":"7.0.14-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8874":{"debianbug":824627,"scope":"remote","description":"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.","releases":{"stretch":{"fixed_version":"7.0.0-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9024":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u2","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9023":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u2","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6292":{"scope":"remote","description":"The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6295":{"scope":"remote","description":"ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6294":{"scope":"remote","description":"The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9020":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u2","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6291":{"scope":"remote","description":"The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9022":{"scope":"remote","description":"An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u2","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9021":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u2","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6290":{"scope":"remote","description":"ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6297":{"scope":"remote","description":"Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6296":{"debianbug":832959,"scope":"remote","description":"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3185":{"scope":"remote","description":"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.","releases":{"stretch":{"fixed_version":"7.0.4-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5769":{"scope":"remote","description":"Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5766":{"debianbug":829014,"scope":"remote","description":"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-A9D025":{"releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-5768":{"scope":"remote","description":"Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5767":{"scope":"remote","description":"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.","releases":{"stretch":{"fixed_version":"7.0.8-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9120":{"scope":"remote","description":"PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.","releases":{"stretch":{"repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-12882":{"scope":"remote","description":"exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11628":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7130":{"scope":"remote","description":"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7131":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15132":{"scope":"remote","description":"An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9675":{"scope":"remote","description":"** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: \"This issue allows theoretical compromise of security, but a practical attack is usually impossible.\"","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-F26C42":{"releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7413":{"scope":"remote","description":"Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4541":{"scope":"remote","description":"The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7414":{"scope":"remote","description":"The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4540":{"scope":"remote","description":"The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6289":{"scope":"remote","description":"Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7411":{"scope":"remote","description":"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4543":{"scope":"remote","description":"The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7412":{"scope":"remote","description":"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4542":{"scope":"remote","description":"The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7134":{"scope":"remote","description":"ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20783":{"scope":"remote","description":"In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7132":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7133":{"scope":"remote","description":"Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7417":{"scope":"remote","description":"ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7418":{"scope":"remote","description":"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4544":{"scope":"remote","description":"The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7416":{"scope":"remote","description":"ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.","releases":{"stretch":{"fixed_version":"7.0.11-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6207":{"scope":"remote","description":"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7480":{"scope":"remote","description":"The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.","releases":{"stretch":{"fixed_version":"7.0.12-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7127":{"scope":"remote","description":"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17082":{"scope":"remote","description":"The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7128":{"scope":"remote","description":"The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7125":{"scope":"remote","description":"ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6977":{"debianbug":920645,"scope":"remote","description":"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.","releases":{"stretch":{"repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-7126":{"scope":"remote","description":"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7124":{"scope":"remote","description":"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4538":{"scope":"remote","description":"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4537":{"scope":"remote","description":"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5340":{"debianbug":850158,"scope":"remote","description":"Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4539":{"debianbug":835032,"scope":"remote","description":"The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-9253":{"scope":"remote","description":"An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.","releases":{"stretch":{"repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-7129":{"scope":"remote","description":"The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.","releases":{"stretch":{"fixed_version":"7.0.10-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14884":{"scope":"remote","description":"An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.","releases":{"stretch":{"fixed_version":"7.0.27-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19935":{"scope":"remote","description":"ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12933":{"scope":"remote","description":"The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12934":{"scope":"remote","description":"ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14883":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12932":{"scope":"remote","description":"ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19396":{"scope":"remote","description":"ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10712":{"scope":"remote","description":"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a \"$uri = stream_get_meta_data(fopen($file, \"r\"))['uri']\" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.","releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19395":{"scope":"remote","description":"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(\"WScript.Shell\").","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7479":{"scope":"remote","description":"In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9933":{"debianbug":849038,"scope":"remote","description":"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.","releases":{"stretch":{"fixed_version":"7.0.13-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10159":{"scope":"remote","description":"Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10158":{"scope":"remote","description":"The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9138":{"scope":"remote","description":"PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.","releases":{"stretch":{"fixed_version":"7.0.12-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7478":{"scope":"remote","description":"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.","releases":{"stretch":{"fixed_version":"7.0.13-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9137":{"scope":"remote","description":"Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.","releases":{"stretch":{"fixed_version":"7.0.12-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10397":{"scope":"remote","description":"In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).","releases":{"stretch":{"fixed_version":"7.0.13-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-EA5272":{"releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-10162":{"scope":"remote","description":"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10161":{"scope":"remote","description":"The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10160":{"scope":"remote","description":"Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9936":{"scope":"remote","description":"The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.","releases":{"stretch":{"fixed_version":"7.0.14-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9935":{"scope":"remote","description":"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.","releases":{"stretch":{"fixed_version":"7.0.14-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9934":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.","releases":{"stretch":{"fixed_version":"7.0.13-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7890":{"debianbug":869263,"scope":"remote","description":"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.","releases":{"stretch":{"fixed_version":"7.0.22-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4070":{"debianbug":835032,"scope":"remote","description":"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says \"Not sure if this qualifies as security issue (probably not).\"","releases":{"stretch":{"fixed_version":"7.0.5-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4071":{"scope":"remote","description":"Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.","releases":{"stretch":{"fixed_version":"7.0.5-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4072":{"scope":"remote","description":"The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \\0 characters by the phar_analyze_path function in ext/phar/phar.c.","releases":{"stretch":{"fixed_version":"7.0.5-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4073":{"scope":"remote","description":"Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.","releases":{"stretch":{"fixed_version":"7.0.5-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8867":{"scope":"remote","description":"The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.0.0-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10168":{"scope":"remote","description":"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10167":{"scope":"remote","description":"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10546":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10545":{"scope":"local","description":"An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-11145":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11147":{"scope":"remote","description":"In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.","releases":{"stretch":{"fixed_version":"7.0.15-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11142":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.","releases":{"stretch":{"fixed_version":"7.0.17-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10549":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\\0' character.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10548":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11144":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.","releases":{"stretch":{"fixed_version":"7.0.27-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10547":{"scope":"remote","description":"An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.","releases":{"stretch":{"fixed_version":"7.0.30-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11143":{"scope":"remote","description":"In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19518":{"debianbug":913775,"scope":"remote","description":"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-B391CA":{"releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-8865":{"debianbug":827377,"scope":"remote","description":"The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.","releases":{"stretch":{"fixed_version":"7.0.5-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8616":{"scope":"remote","description":"Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.","releases":{"stretch":{"fixed_version":"7.0.1-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8617":{"scope":"remote","description":"Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.","releases":{"stretch":{"fixed_version":"7.0.1-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9637":{"scope":"remote","description":"An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5399":{"scope":"remote","description":"The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3132":{"scope":"remote","description":"Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.","releases":{"stretch":{"fixed_version":"7.0.6-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4342":{"scope":"remote","description":"ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.","releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4343":{"scope":"remote","description":"The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.","releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9639":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4344":{"scope":"remote","description":"Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"7.0.4-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-8923":{"debianbug":881538,"scope":"remote","description":"The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-9638":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.","releases":{"stretch":{"fixed_version":"7.0.33-0+deb9u3","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4345":{"scope":"remote","description":"Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"7.0.4-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-D591DC":{"releases":{"stretch":{"fixed_version":"7.0.3-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-4346":{"scope":"remote","description":"Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"7.0.4-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6128":{"debianbug":829062,"scope":"remote","description":"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.","releases":{"stretch":{"fixed_version":"7.0.9-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7456":{"scope":"remote","description":"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.","releases":{"stretch":{"fixed_version":"7.0.7-1","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7272":{"scope":"remote","description":"PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.","releases":{"stretch":{"nodsa":"Upstream patch breaks existing applications, revisit if a new approach has been identified","repositories":{"stretch-security":"7.0.33-0+deb9u3","stretch":"7.0.33-0+deb9u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2011-2903":{"debianbug":551092,"scope":"remote","description":"Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is \"configured as a handler for other applications.\" This issue might not qualify for inclusion in CVE.","releases":{"buster":{"fixed_version":"1.4.2-1","repositories":{"buster":"1.4.2-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.4.2-1","repositories":{"stretch":"1.4.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4.2-1","repositories":{"jessie":"1.4.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.2-1","repositories":{"sid":"1.4.2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2320":{"debianbug":780751,"scope":"remote","description":"The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.","releases":{"buster":{"fixed_version":"3.2.8+dfsg-10","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.2.8+dfsg-10","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.2.8+dfsg-10","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.2.8+dfsg-10","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3422":{"debianbug":494406,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).","releases":{"buster":{"fixed_version":"1.9.1+dfsg-4","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.1+dfsg-4","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.9.1+dfsg-4","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.9.1+dfsg-4","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3543":{"debianbug":686562,"releases":{"buster":{"fixed_version":"2.10.8.1-7","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.10.8.1-7","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.10.8.1-7","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.10.8.1-7","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-0989":{"scope":"remote","description":"The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0217":{"debianbug":542210,"scope":"remote","description":"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","releases":{"buster":{"fixed_version":"2.4.2.3+dfsg-1","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2.3+dfsg-1","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2.3+dfsg-1","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2.3+dfsg-1","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0689":{"debianbug":559265,"scope":"remote","description":"Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.","releases":{"buster":{"fixed_version":"4.2.1.102+dfsg2-4","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.1.102+dfsg2-4","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.8+dfsg-10+deb8u1","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.1.102+dfsg2-4","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0992":{"scope":"remote","description":"Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0991":{"scope":"remote","description":"Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0990":{"scope":"remote","description":"Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3906":{"debianbug":498894,"scope":"remote","description":"CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.","releases":{"buster":{"fixed_version":"1.9.1+dfsg-4","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.1+dfsg-4","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.9.1+dfsg-4","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.9.1+dfsg-4","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4159":{"debianbug":605097,"scope":"local","description":"Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"2.6.7-4","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.7-4","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.7-4","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.7-4","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4225":{"debianbug":608288,"scope":"remote","description":"Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\"","releases":{"buster":{"fixed_version":"2.6.7-5","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.7-5","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.7-5","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.7-5","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6104":{"scope":"remote","description":"The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.","releases":{"buster":{"fixed_version":"1.2.2.1-1","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.2.1-1","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.2.1-1","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.2.1-1","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5197":{"scope":"remote","description":"Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.","releases":{"buster":{"fixed_version":"1.2.5.1-2","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.5.1-2","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.5.1-2","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5.1-2","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0509":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\".","releases":{"buster":{"fixed_version":"1.1.6-4","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.1.6-4","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.1.6-4","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.1.6-4","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-2319":{"debianbug":780751,"scope":"remote","description":"The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.","releases":{"buster":{"fixed_version":"3.2.8+dfsg-10","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.8+dfsg-10","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.8+dfsg-10","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.8+dfsg-10","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2318":{"debianbug":780751,"scope":"remote","description":"The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue.","releases":{"buster":{"fixed_version":"3.2.8+dfsg-10","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.8+dfsg-10","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.8+dfsg-10","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.8+dfsg-10","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1459":{"debianbug":585440,"scope":"remote","description":"The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.","releases":{"buster":{"fixed_version":"2.4.4~svn151842-3","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.4~svn151842-3","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.4~svn151842-3","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.4~svn151842-3","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5072":{"scope":"local","description":"The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.","releases":{"buster":{"fixed_version":"1.1.17.1-5","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.17.1-5","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.17.1-5","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.17.1-5","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1002208":{"scope":"remote","description":"sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.","releases":{"buster":{"fixed_version":"5.18.0.240+dfsg-1","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.18.0.240+dfsg-1","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5473":{"scope":"remote","description":"StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3382":{"debianbug":681095,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.","releases":{"buster":{"fixed_version":"2.10.8.1-5","repositories":{"buster":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8.1-5","repositories":{"stretch":"4.6.2.7+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8.1-5","repositories":{"jessie":"3.2.8+dfsg-10","jessie-security":"3.2.8+dfsg-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8.1-5","repositories":{"sid":"5.18.0.240+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-5028":{"scope":"remote","description":"Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.","releases":{"buster":{"fixed_version":"2.0.20-1.0","repositories":{"buster":"2.0.21-22"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.20-1.0","repositories":{"stretch":"2.0.21-20"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.20-1.0","repositories":{"jessie":"2.0.21-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.20-1.0","repositories":{"sid":"2.0.21-22"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1468":{"debianbug":472644,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.0.18-0.1","repositories":{"buster":"2.0.21-22"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.18-0.1","repositories":{"stretch":"2.0.21-20"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.18-0.1","repositories":{"jessie":"2.0.21-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.18-0.1","repositories":{"sid":"2.0.21-22"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4345":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.","releases":{"buster":{"fixed_version":"2.0.21-1","repositories":{"buster":"2.0.21-22"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.21-1","repositories":{"stretch":"2.0.21-20"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.21-1","repositories":{"jessie":"2.0.21-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.21-1","repositories":{"sid":"2.0.21-22"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1318":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab (\"%09\") character, which prevents the rest of the query from being properly sanitized.","releases":{"buster":{"fixed_version":"2.0.14-1","repositories":{"buster":"2.0.21-22"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.14-1","repositories":{"stretch":"2.0.21-20"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.14-1","repositories":{"jessie":"2.0.21-10"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.14-1","repositories":{"sid":"2.0.21-22"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4711":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.21-22"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0.21-20"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.21-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.21-22"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4957":{"debianbug":496391,"scope":"local","description":"find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.","releases":{"jessie":{"fixed_version":"0.9.0+cvs20100501-1","repositories":{"jessie":"0.9.0+git20140716-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10326":{"debianbug":860287,"scope":"remote","description":"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_body_to_str() function defined in osipparser2/osip_body.c, resulting in a remote DoS.","releases":{"buster":{"fixed_version":"4.1.0-2.1","repositories":{"buster":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.0-2.1","repositories":{"stretch":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-2+deb8u1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.0-2.1","repositories":{"sid":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7853":{"debianbug":860287,"scope":"remote","description":"In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS.","releases":{"buster":{"fixed_version":"4.1.0-2.1","repositories":{"buster":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.0-2.1","repositories":{"stretch":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-2+deb8u1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.0-2.1","repositories":{"sid":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0308737-BABD6A":{"debianbug":308737,"releases":{"buster":{"fixed_version":"2.0.9-1","repositories":{"buster":"4.1.0-2.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.9-1","repositories":{"stretch":"4.1.0-2.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.9-1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.9-1","repositories":{"sid":"4.1.0-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-10325":{"debianbug":860287,"scope":"remote","description":"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _osip_message_to_str() function defined in osipparser2/osip_message_to_str.c, resulting in a remote DoS.","releases":{"buster":{"fixed_version":"4.1.0-2.1","repositories":{"buster":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.0-2.1","repositories":{"stretch":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-2+deb8u1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.0-2.1","repositories":{"sid":"4.1.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10324":{"debianbug":860287,"scope":"remote","description":"In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osip_clrncpy() function defined in osipparser2/osip_port.c.","releases":{"buster":{"fixed_version":"4.1.0-2.1","repositories":{"buster":"4.1.0-2.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.0-2.1","repositories":{"stretch":"4.1.0-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-2+deb8u1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.0-2.1","repositories":{"sid":"4.1.0-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0240":{"debianbug":779033,"scope":"remote","description":"The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.","releases":{"buster":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0239":{"debianbug":749845,"scope":"remote","description":"The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.","releases":{"buster":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0728":{"debianbug":573223,"scope":"remote","description":"smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.","releases":{"buster":{"fixed_version":"2:3.4.7~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2:3.4.7~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2:3.4.7~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2:3.4.7~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2004-0829":{"scope":"remote","description":"smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.","releases":{"buster":{"fixed_version":"2.2.11","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.11","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.11","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.11","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3824":{"scope":"remote","description":"A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.","releases":{"buster":{"fixed_version":"2:4.9.5+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2:4.9.5+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0771":{"scope":"remote","description":"The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.","releases":{"buster":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5370":{"scope":"remote","description":"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9461":{"debianbug":864291,"scope":"remote","description":"smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.","releases":{"buster":{"fixed_version":"2:4.5.6+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.6+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u12","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.5.6+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5252":{"scope":"remote","description":"vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16860":{"debianbug":928966,"releases":{"buster":{"fixed_version":"2:4.9.5+dfsg-4","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2:4.5.16+dfsg-1+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u13","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:4.9.5+dfsg-4","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-1678":{"scope":"local","description":"smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.","releases":{"buster":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2522":{"scope":"remote","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.","releases":{"buster":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2063":{"scope":"remote","description":"Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.","releases":{"buster":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2012-0870":{"scope":"remote","description":"Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.","releases":{"buster":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.4.0~pre1-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7540":{"scope":"remote","description":"The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3223":{"scope":"remote","description":"The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6015":{"scope":"remote","description":"Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.","releases":{"buster":{"fixed_version":"3.0.28-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.28-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.28-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.28-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-14746":{"scope":"remote","description":"Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.","releases":{"buster":{"fixed_version":"2:4.7.1+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u9","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.7.1+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-2619":{"scope":"remote","description":"Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.","releases":{"buster":{"fixed_version":"2:4.5.6+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.6+dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u4","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.5.6+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1057":{"scope":"remote","description":"On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).","releases":{"buster":{"fixed_version":"2:4.7.4+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u12","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.7.4+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2407":{"scope":"remote","description":"The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0600":{"debianbug":260838,"scope":"remote","description":"Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.","releases":{"buster":{"fixed_version":"3.0.5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0686":{"debianbug":260838,"scope":"remote","description":"Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the \"mangling method = hash\" option is enabled in smb.conf, has unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"3.0.5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2694":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).","releases":{"buster":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.5.10~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4496":{"scope":"remote","description":"Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.","releases":{"buster":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12163":{"scope":"remote","description":"An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.","releases":{"buster":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.8+dfsg-2+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u8","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15275":{"scope":"remote","description":"Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.","releases":{"buster":{"fixed_version":"2:4.7.1+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u9","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.7.1+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0172":{"debianbug":699188,"scope":"remote","description":"Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1050":{"scope":"remote","description":"All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.","releases":{"buster":{"fixed_version":"2:4.7.4+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u12","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:4.7.4+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-0178":{"scope":"remote","description":"Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.","releases":{"buster":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.1.8+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3403":{"debianbug":378070,"scope":"remote","description":"The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.","releases":{"buster":{"fixed_version":"3.0.23a-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.23a-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.23a-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.23a-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2813":{"debianbug":550422,"scope":"remote","description":"Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.","releases":{"buster":{"fixed_version":"2:3.4.2-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.4.2-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.4.2-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.4.2-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0514151-B17364":{"debianbug":514151,"releases":{"buster":{"fixed_version":"2:3.2.6","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2:3.2.6","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2:3.2.6","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:3.2.6","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-0454":{"scope":"remote","description":"The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or \"hide unreadable\" parameter.","releases":{"buster":{"fixed_version":"2:3.6.6-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.6.6-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.6.6-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.6.6-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0196":{"scope":"remote","description":"Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.","releases":{"buster":{"fixed_version":"3.0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0213":{"scope":"remote","description":"The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.","releases":{"buster":{"fixed_version":"2:3.6.6-5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.6.6-5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.6.6-5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.6.6-5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3069":{"debianbug":596891,"scope":"remote","description":"Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.","releases":{"buster":{"fixed_version":"2:3.5.5~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.5.5~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.5.5~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.5.5~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0214":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.","releases":{"buster":{"fixed_version":"2:3.6.6-5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.6.6-5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.6.6-5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.6.6-5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11103":{"debianbug":868208,"scope":"remote","description":"Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.","releases":{"buster":{"fixed_version":"2:4.6.5+dfsg-4","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.8+dfsg-2+deb9u1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.6.5+dfsg-4","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3560":{"debianbug":756759,"scope":"remote","description":"NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.","releases":{"buster":{"fixed_version":"2:4.1.11+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.11+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.11+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.1.11+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3789":{"debianbug":496073,"scope":"local","description":"Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.","releases":{"buster":{"fixed_version":"2:3.2.3-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2:3.2.3-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2:3.2.3-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2:3.2.3-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-16841":{"scope":"remote","description":"Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u4","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0454":{"scope":"remote","description":"Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.","releases":{"buster":{"fixed_version":"3.0.23d-5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0.23d-5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.23d-5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0.23d-5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-12151":{"scope":"remote","description":"A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.","releases":{"buster":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.8+dfsg-2+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u8","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6442":{"scope":"remote","description":"The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.","releases":{"buster":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.1.6+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-2948":{"debianbug":550423,"scope":"local","description":"mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.","releases":{"buster":{"fixed_version":"2:3.4.2-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2:3.4.2-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2:3.4.2-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2:3.4.2-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-2123":{"scope":"remote","description":"A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.","releases":{"buster":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12150":{"scope":"remote","description":"It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.","releases":{"buster":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.8+dfsg-2+deb9u2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u8","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.6.7+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1059":{"scope":"local","description":"The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.","releases":{"buster":{"fixed_version":"3.0.22-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.0.22-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.0.22-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0.22-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2003-1332":{"scope":"remote","description":"Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10919":{"scope":"remote","description":"The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.","releases":{"buster":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u3","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u10","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10918":{"scope":"remote","description":"A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.","releases":{"buster":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0085":{"scope":"remote","description":"Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"2.2.8","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.8","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.8","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.8","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0086":{"scope":"local","description":"The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.","releases":{"buster":{"fixed_version":"2.2.8","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.2.8","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.2.8","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.2.8","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2125":{"scope":"remote","description":"It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.","releases":{"buster":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2126":{"scope":"remote","description":"Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.","releases":{"buster":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.5.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16857":{"scope":"remote","description":"Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0719":{"scope":"remote","description":"Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.","releases":{"buster":{"fixed_version":"2:3.5.7~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.5.7~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.5.7~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.5.7~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7560":{"scope":"remote","description":"The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.","releases":{"buster":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.6+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16853":{"scope":"remote","description":"Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4138":{"scope":"local","description":"The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the \"winbind nss info\" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.","releases":{"buster":{"fixed_version":"3.0.26-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.26-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.26-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.26-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16851":{"scope":"remote","description":"Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u4","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u11","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1182":{"debianbug":668309,"scope":"remote","description":"The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.","releases":{"buster":{"fixed_version":"2:3.6.4-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.6.4-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.6.4-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.6.4-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16852":{"scope":"remote","description":"Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-0453":{"scope":"local","description":"Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0452":{"scope":"remote","description":"smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"3.0.23d-5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.23d-5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0.23d-5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0.23d-5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0926":{"debianbug":568493,"scope":"remote","description":"The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.","releases":{"buster":{"fixed_version":"2:3.4.6~dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.4.6~dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.4.6~dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.4.6~dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-2196":{"scope":"remote","description":"Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.","releases":{"buster":{"fixed_version":"2.2.5","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2.2.5","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2.2.5","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2.2.5","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-2110":{"scope":"remote","description":"The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2111":{"scope":"remote","description":"The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2112":{"scope":"remote","description":"The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0817":{"scope":"remote","description":"Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.","releases":{"buster":{"fixed_version":"2:3.6.3-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.6.3-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.6.3-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.6.3-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2118":{"scope":"remote","description":"The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2119":{"debianbug":830195,"scope":"remote","description":"libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.","releases":{"buster":{"fixed_version":"2:4.4.5+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.4.5+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.4.5+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2113":{"scope":"remote","description":"Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2114":{"scope":"remote","description":"The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"server signing = mandatory\" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4475":{"scope":"remote","description":"Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).","releases":{"buster":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1105":{"debianbug":483410,"scope":"remote","description":"Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.","releases":{"buster":{"fixed_version":"1:3.0.30-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:3.0.30-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:3.0.30-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:3.0.30-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-2115":{"scope":"remote","description":"Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.","releases":{"buster":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.10+dfsg-0+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.3.7+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4476":{"scope":"local","description":"Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.","releases":{"buster":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.0.11+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-5296":{"scope":"remote","description":"Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5330":{"scope":"remote","description":"ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1154":{"scope":"remote","description":"Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.0.10-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.10-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.10-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.10-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0186":{"scope":"local","description":"smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.","releases":{"buster":{"fixed_version":"3.0.2-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.2-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.2-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.2-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5299":{"scope":"remote","description":"The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2724":{"scope":"local","description":"The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.","releases":{"buster":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-3870":{"scope":"local","description":"A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.","releases":{"buster":{"fixed_version":"2:4.9.5+dfsg-3","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.9.5+dfsg-3","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-15087":{"scope":"remote","description":"It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15086":{"scope":"remote","description":"It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15085":{"scope":"remote","description":"It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0022":{"scope":"remote","description":"Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.","releases":{"buster":{"fixed_version":"2:3.2.5-3","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.2.5-3","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.2.5-3","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.2.5-3","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8143":{"debianbug":776993,"scope":"remote","description":"Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.","releases":{"buster":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.1.17+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10858":{"scope":"remote","description":"A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.","releases":{"buster":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u3","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u10","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3493":{"scope":"remote","description":"The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.","releases":{"buster":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4124":{"scope":"remote","description":"Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.","releases":{"buster":{"fixed_version":"2:3.6.17-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.6.17-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.6.17-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.6.17-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4408":{"scope":"remote","description":"Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.","releases":{"buster":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7494":{"scope":"remote","description":"Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.","releases":{"buster":{"fixed_version":"2:4.5.8+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.8+dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u6","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.5.8+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2447":{"scope":"remote","description":"The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the \"username map script\" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.","releases":{"buster":{"fixed_version":"3.0.25-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.25-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.25-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.25-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2004-0882":{"scope":"remote","description":"Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small \"maximum data bytes\" value.","releases":{"buster":{"fixed_version":"3.0.7","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.7","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.7","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2546":{"scope":"remote","description":"Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).","releases":{"buster":{"fixed_version":"3.0.6-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.6-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.6-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2446":{"scope":"remote","description":"Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).","releases":{"buster":{"fixed_version":"3.0.25-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.25-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.25-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.25-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2008-4314":{"scope":"remote","description":"smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a \"cut&paste error\" that causes an improper bounds check to be performed.","releases":{"buster":{"fixed_version":"2:3.2.5-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.2.5-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.2.5-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.2.5-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-3880":{"scope":"remote","description":"A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.","releases":{"buster":{"fixed_version":"2:4.9.5+dfsg-3","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.16+dfsg-1+deb9u1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u12","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.9.5+dfsg-3","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0807":{"scope":"remote","description":"Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.","releases":{"buster":{"fixed_version":"3.0.7","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.7","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.7","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1886":{"scope":"remote","description":"Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.","releases":{"buster":{"fixed_version":"2:3.3.6-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.3.6-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.3.6-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.3.6-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1888":{"scope":"remote","description":"The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.","releases":{"buster":{"fixed_version":"2:3.3.6-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.3.6-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.3.6-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.3.6-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3585":{"releases":{"buster":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.4.7~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14629":{"scope":"remote","description":"A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.","releases":{"buster":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.5.12+dfsg-2+deb9u4","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.2.14+dfsg-0+deb8u11","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.9.2+dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0082":{"scope":"remote","description":"The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.","releases":{"buster":{"fixed_version":"3.0.7","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.7","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.7","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8467":{"scope":"remote","description":"The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.","releases":{"buster":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.17+dfsg-2+deb8u1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:4.1.22+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2444":{"scope":"local","description":"Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.","releases":{"buster":{"fixed_version":"3.0.25-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.25-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.25-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.25-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1642":{"scope":"remote","description":"The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request.","releases":{"buster":{"fixed_version":"2:3.5.4~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2:3.5.4~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2:3.5.4~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:3.5.4~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1139":{"scope":"remote","description":"A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.","releases":{"buster":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5398":{"scope":"remote","description":"Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.","releases":{"buster":{"fixed_version":"3.0.27-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.27-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.27-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.27-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2012-2111":{"scope":"remote","description":"The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the \"take ownership\" privilege via an LSA connection.","releases":{"buster":{"fixed_version":"2:3.6.5-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.6.5-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.6.5-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.6.5-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2906":{"debianbug":550423,"scope":"remote","description":"smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.","releases":{"buster":{"fixed_version":"2:3.4.2-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.4.2-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.4.2-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.4.2-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1140":{"scope":"remote","description":"A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable","releases":{"buster":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:4.8.4+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-0930":{"scope":"remote","description":"The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.","releases":{"buster":{"fixed_version":"3.0.8-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.8-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.8-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.8-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0201":{"scope":"remote","description":"Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"3.0","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0244":{"scope":"remote","description":"The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.","releases":{"buster":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:4.1.9+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-0815":{"debianbug":274342,"scope":"remote","description":"The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via \"/.////\" style sequences in pathnames.","releases":{"buster":{"fixed_version":"3.0.6-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.6-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.6-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1318":{"scope":"remote","description":"Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.","releases":{"buster":{"fixed_version":"2.2.7","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.7","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.7","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0808":{"scope":"remote","description":"The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.","releases":{"buster":{"fixed_version":"3.0.7","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.7","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.7","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.7","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4572":{"debianbug":451385,"scope":"remote","description":"Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.","releases":{"buster":{"fixed_version":"3.0.27-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.27-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.27-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.27-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2010-1635":{"scope":"remote","description":"The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.","releases":{"buster":{"fixed_version":"2:3.6.1-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2:3.6.1-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2:3.6.1-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:3.6.1-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6150":{"scope":"remote","description":"The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.","releases":{"buster":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:4.0.13+dfsg-1","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0547":{"debianbug":568942,"scope":"local","description":"client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.","releases":{"buster":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0787":{"debianbug":567554,"scope":"local","description":"client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.","releases":{"buster":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"buster":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"stretch-security":"2:4.5.16+dfsg-1+deb9u2","stretch":"2:4.5.16+dfsg-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"jessie":"2:4.2.14+dfsg-0+deb8u9","jessie-security":"2:4.2.14+dfsg-0+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.4.5~dfsg-2","repositories":{"sid":"2:4.9.5+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0252":{"debianbug":461069,"scope":"remote","description":"Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.","releases":{"buster":{"fixed_version":"3.0.2-2","repositories":{"buster":"8.9.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.2-2","repositories":{"stretch":"3.5.0-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.2-2","repositories":{"jessie":"3.5.0-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.2-2","repositories":{"sid":"8.9.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9273":{"scope":"local","description":"lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.","releases":{"buster":{"fixed_version":"1.3.11-1","repositories":{"buster":"1.3.18-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.11-1","repositories":{"stretch":"1.3.13-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.10-2+deb8u1","repositories":{"jessie":"1.3.10-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.11-1","repositories":{"sid":"1.3.18-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15857":{"debianbug":907302,"scope":"local","description":"An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15856":{"debianbug":907302,"scope":"local","description":"An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15859":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15858":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15864":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15853":{"debianbug":907302,"scope":"local","description":"Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15863":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15855":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15854":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15862":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15861":{"debianbug":907302,"scope":"local","description":"Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.1-2~deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5667":{"debianbug":701897,"scope":"local","description":"Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.11-1","repositories":{"buster":"3.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.11-1","repositories":{"stretch":"2.27-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.11-1","repositories":{"jessie":"2.20-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.11-1","repositories":{"sid":"3.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1345":{"debianbug":776039,"scope":"local","description":"The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.","releases":{"buster":{"fixed_version":"2.20-4.1","repositories":{"buster":"3.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.20-4.1","repositories":{"stretch":"2.27-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.20-4.1","repositories":{"jessie":"2.20-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.20-4.1","repositories":{"sid":"3.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-2905":{"debianbug":548198,"scope":"local","description":"Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.","releases":{"buster":{"fixed_version":"0.52.10-4.1","repositories":{"buster":"0.52.20-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.52.10-4.1","repositories":{"stretch":"0.52.19-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.52.10-4.1","repositories":{"jessie":"0.52.17-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.52.10-4.1","repositories":{"sid":"0.52.20-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-0345":{"scope":"local","description":"varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.1.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4488":{"scope":"remote","description":"** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.  NOTE: the vendor disputes the significance of this report, stating that \"This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.\"","releases":{"buster":{"repositories":{"buster":"6.1.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.1.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-4484":{"debianbug":728989,"scope":"remote","description":"Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.","releases":{"buster":{"fixed_version":"3.0.5-1","repositories":{"buster":"6.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0.5-1","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.5-1","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0.5-1","repositories":{"sid":"6.1.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-2936":{"scope":"remote","description":"** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\"","releases":{"buster":{"fixed_version":"2.1.0-2","repositories":{"buster":"6.1.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.1.0-2","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.1.0-2","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0-2","repositories":{"sid":"6.1.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12425":{"debianbug":870467,"scope":"remote","description":"An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.","releases":{"buster":{"fixed_version":"5.0.0-7.1","repositories":{"buster":"6.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.0-7+deb9u1","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.2-1+deb8u1","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.0-7.1","repositories":{"sid":"6.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8807":{"debianbug":881808,"scope":"remote","description":"vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.","releases":{"buster":{"fixed_version":"5.2.1-1","repositories":{"buster":"6.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.0-7+deb9u2","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.2.1-1","repositories":{"sid":"6.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8852":{"debianbug":783510,"scope":"remote","description":"Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.","releases":{"buster":{"fixed_version":"4.0.0-1","repositories":{"buster":"6.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.0-1","repositories":{"stretch-security":"5.0.0-7+deb9u2","stretch":"5.0.0-7+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.0-1","repositories":{"jessie":"4.0.2-1+deb8u1","jessie-security":"4.0.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.0-1","repositories":{"sid":"6.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4116":{"debianbug":715325,"scope":"local","description":"lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.","releases":{"buster":{"fixed_version":"1.3.10~dfsg-1","repositories":{"buster":"5.8.0+ds6-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.3.10~dfsg-1","repositories":{"jessie":"1.4.21+ds-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.3.10~dfsg-1","repositories":{"sid":"5.8.0+ds6-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3956":{"debianbug":850322,"scope":"remote","description":"The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.","releases":{"buster":{"fixed_version":"5.8.0+ds-2","repositories":{"buster":"5.8.0+ds6-4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.4.21+ds-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.8.0+ds-2","repositories":{"sid":"5.8.0+ds6-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7408":{"scope":"local","description":"An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as \"next: 5.7.0\" and therefore automatically installed by an \"npm upgrade -g npm\" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a \"correctMkdir\" issue.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.8.0+ds6-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4.21+ds-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.8.0+ds6-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6673":{"debianbug":798032,"scope":"remote","description":"Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.","releases":{"buster":{"fixed_version":"6.14.12-3.2","repositories":{"buster":"6.14.12-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.14.12-3.2","repositories":{"stretch":"6.14.12-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be fixed via a point release","repositories":{"jessie":"6.14.12-3"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"6.14.12-3.2","repositories":{"sid":"6.14.12-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0948":{"scope":"local","description":"Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"30~pre9-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"30~pre9-12"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"30~pre9-8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"30~pre9-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0947":{"scope":"local","description":"Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"30~pre9-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"30~pre9-12"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"30~pre9-8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"30~pre9-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2528":{"debianbug":741659,"scope":"remote","description":"kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.","releases":{"buster":{"fixed_version":"2.7.5-1","repositories":{"buster":"3.1.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.5-1","repositories":{"stretch":"3.1.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.5-1","repositories":{"jessie":"2.7.8-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.5-1","repositories":{"sid":"3.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2527":{"scope":"remote","description":"kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a \" (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.1.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.1.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.7.8-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11797":{"debianbug":910390,"scope":"remote","description":"In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.","releases":{"buster":{"fixed_version":"1:1.8.16-1","repositories":{"buster":"1:1.8.16-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:1.8.12-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1:1.8.7+dfsg-1+deb8u2","repositories":{"jessie":"1:1.8.7+dfsg-1+deb8u1","jessie-security":"1:1.8.7+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.16-1","repositories":{"sid":"1:1.8.16-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0228":{"scope":"remote","description":"Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.8.16-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:1.8.12-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:1.8.7+dfsg-1+deb8u1","jessie-security":"1:1.8.7+dfsg-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.8.16-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8036":{"debianbug":902776,"scope":"remote","description":"In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.","releases":{"buster":{"fixed_version":"1:1.8.15-1","repositories":{"buster":"1:1.8.16-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:1.8.12-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:1.8.7+dfsg-1+deb8u1","jessie-security":"1:1.8.7+dfsg-1+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:1.8.15-1","repositories":{"sid":"1:1.8.16-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2175":{"scope":"remote","description":"Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.","releases":{"buster":{"fixed_version":"1:1.8.12-1","repositories":{"buster":"1:1.8.16-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.12-1","repositories":{"stretch":"1:1.8.12-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.7+dfsg-1+deb8u1","repositories":{"jessie":"1:1.8.7+dfsg-1+deb8u1","jessie-security":"1:1.8.7+dfsg-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.8.12-1","repositories":{"sid":"1:1.8.16-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4077":{"scope":"remote","description":"The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1436":{"debianbug":409703,"scope":"remote","description":"Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.","releases":{"buster":{"fixed_version":"2.8.14-1","repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.14-1","repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.14-1","repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4078":{"scope":"remote","description":"SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1923":{"debianbug":409703,"scope":"remote","description":"(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1329":{"debianbug":409703,"scope":"remote","description":"Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-0667":{"debianbug":409703,"scope":"remote","description":"The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1437":{"debianbug":409703,"scope":"remote","description":"Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.","releases":{"buster":{"fixed_version":"2.8.14-1","repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.14-1","repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.14-1","repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4798":{"scope":"remote","description":"SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.","releases":{"buster":{"fixed_version":"2.4.5-1","repositories":{"buster":"3.2.6-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.5-1","repositories":{"stretch":"3.0.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.5-1","repositories":{"jessie":"3.0.6-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.5-1","repositories":{"sid":"3.2.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4402":{"debianbug":562639,"scope":"remote","description":"The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-4731":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).","releases":{"buster":{"fixed_version":"2.6.19-1","repositories":{"buster":"3.2.6-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.19-1","repositories":{"stretch":"3.0.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.19-1","repositories":{"jessie":"3.0.6-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.19-1","repositories":{"sid":"3.2.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5372":{"debianbug":446366,"scope":"remote","description":"Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-4244":{"debianbug":386519,"scope":"remote","description":"SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.","releases":{"buster":{"fixed_version":"2.6.18-1","repositories":{"buster":"3.2.6-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.18-1","repositories":{"stretch":"3.0.8-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.18-1","repositories":{"jessie":"3.0.6-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.18-1","repositories":{"sid":"3.2.6-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-5872":{"scope":"remote","description":"login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program.","releases":{"buster":{"fixed_version":"2.6.21-1","repositories":{"buster":"3.2.6-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.21-1","repositories":{"stretch":"3.0.8-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.21-1","repositories":{"jessie":"3.0.6-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.21-1","repositories":{"sid":"3.2.6-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3583":{"debianbug":562639,"scope":"remote","description":"Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3584":{"debianbug":562639,"scope":"remote","description":"SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3580":{"debianbug":562639,"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3581":{"debianbug":562639,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3582":{"debianbug":562639,"scope":"remote","description":"Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.","releases":{"buster":{"repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1541":{"debianbug":409703,"scope":"remote","description":"Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.","releases":{"buster":{"fixed_version":"2.8.14-1","repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.14-1","repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.14-1","repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1540":{"debianbug":409703,"scope":"remote","description":"Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter.  NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.","releases":{"buster":{"fixed_version":"2.8.14-1","repositories":{"buster":"3.2.6-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.14-1","repositories":{"stretch":"3.0.8-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.8.14-1","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.14-1","repositories":{"sid":"3.2.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-2575":{"debianbug":370146,"scope":"remote","description":"The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.","releases":{"buster":{"fixed_version":"0.8+svn20060319-2","repositories":{"buster":"0.8.7+ds-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8+svn20060319-2","repositories":{"stretch":"0.8.7+ds-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8+svn20060319-2","repositories":{"jessie":"0.8.4.debian.1-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8+svn20060319-2","repositories":{"sid":"0.8.7+ds-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2295":{"debianbug":318329,"scope":"remote","description":"NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.","releases":{"buster":{"fixed_version":"0.8+svn20060319-1","repositories":{"buster":"0.8.7+ds-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8+svn20060319-1","repositories":{"stretch":"0.8.7+ds-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8+svn20060319-1","repositories":{"jessie":"0.8.4.debian.1-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8+svn20060319-1","repositories":{"sid":"0.8.7+ds-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0070":{"scope":"local","description":"Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.","releases":{"stretch":{"fixed_version":"2.1-3","repositories":{"stretch":"2.4-5.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1-3","repositories":{"jessie":"2.4-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0160":{"scope":"local","description":"Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.","releases":{"stretch":{"fixed_version":"2.1-3","repositories":{"stretch":"2.4-5.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1-3","repositories":{"jessie":"2.4-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1759":{"debianbug":530255,"scope":"remote","description":"Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.","releases":{"buster":{"fixed_version":"1.3.4-dnh3.2-1.1","repositories":{"buster":"1.3.4.dnh3.3.2-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.3.4-dnh3.2-1.1","repositories":{"stretch":"1.3.4.dnh3.3.2-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.3.4-dnh3.2-1.1","repositories":{"jessie":"1.3.4.dnh3.3.2-4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.3.4-dnh3.2-1.1","repositories":{"sid":"1.3.4.dnh3.3.2-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-5825":{"debianbug":692444,"scope":"remote","description":"Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.","releases":{"buster":{"fixed_version":"3.1.0-2","repositories":{"buster":"3.6.0-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.0-2","repositories":{"stretch":"3.5.0-1"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.3-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.1.0-2","repositories":{"sid":"3.6.0-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17042":{"scope":"remote","description":"lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.","releases":{"buster":{"fixed_version":"0.9.12-1","repositories":{"buster":"0.9.16-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.7-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.8.7.4-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.12-1","repositories":{"sid":"0.9.16-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8861":{"scope":"remote","description":"The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.","releases":{"buster":{"repositories":{"buster":"2.3.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.3.0-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.3.2-1"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0000000-137F0A":{"releases":{"buster":{"repositories":{"buster":"2.3.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.3.0-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.3.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-8862":{"scope":"remote","description":"mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.","releases":{"buster":{"repositories":{"buster":"2.3.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.3.0-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.3.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-3750":{"debianbug":926616,"scope":"remote","description":"The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.","releases":{"buster":{"fixed_version":"0.4.1-2","repositories":{"buster":"0.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.4.1-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.4.1-2","repositories":{"sid":"0.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3121":{"scope":"remote","description":"The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.","releases":{"buster":{"fixed_version":"1.2.4-14","repositories":{"buster":"1:3.0.6-9"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.4-14","repositories":{"stretch":"1:3.0.6-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.4-14","repositories":{"jessie":"1:3.0.5+hg12629-1.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.4-14","repositories":{"sid":"1:3.0.6-9"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2231":{"debianbug":318287,"scope":"local","description":"High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"1.2.3-12","repositories":{"buster":"1:3.0.6-9"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.3-12","repositories":{"stretch":"1:3.0.6-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.3-12","repositories":{"jessie":"1:3.0.5+hg12629-1.2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.3-12","repositories":{"sid":"1:3.0.6-9"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3815":{"debianbug":379904,"scope":"local","description":"heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.","releases":{"buster":{"fixed_version":"1.2.4-13","repositories":{"buster":"1:3.0.6-9"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.4-13","repositories":{"stretch":"1:3.0.6-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.4-13","repositories":{"jessie":"1:3.0.5+hg12629-1.2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.4-13","repositories":{"sid":"1:3.0.6-9"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2002-1215":{"scope":"remote","description":"Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).","releases":{"buster":{"fixed_version":"0.4.9.2-1","repositories":{"buster":"1:3.0.6-9"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.9.2-1","repositories":{"stretch":"1:3.0.6-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.9.2-1","repositories":{"jessie":"1:3.0.5+hg12629-1.2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.9.2-1","repositories":{"sid":"1:3.0.6-9"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"2.1.4-7","repositories":{"buster":"1:3.0.6-9"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.1.4-7","repositories":{"stretch":"1:3.0.6-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.1.4-7","repositories":{"jessie":"1:3.0.5+hg12629-1.2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.4-7","repositories":{"sid":"1:3.0.6-9"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7069":{"debianbug":731848,"scope":"remote","description":"ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.","releases":{"jessie":{"fixed_version":"2.12-1","repositories":{"jessie":"2.14-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3582":{"debianbug":378279,"scope":"remote","description":"Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.","releases":{"buster":{"fixed_version":"2.0.1-1","repositories":{"buster":"2.2.1+dfsg3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1","repositories":{"stretch":"2.2.1+dfsg3-0.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1","repositories":{"jessie":"2.2.1+dfsg3-0.1","jessie-security":"2.2.1+dfsg3-0.1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.1-1","repositories":{"sid":"2.2.1+dfsg3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-17825":{"debianbug":910534,"scope":"remote","description":"An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.","releases":{"buster":{"fixed_version":"2.2.1+dfsg3-1","repositories":{"buster":"2.2.1+dfsg3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.2.1+dfsg3-0.4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"fixed_version":"2.2.1+dfsg3-0.1+deb8u1","repositories":{"jessie":"2.2.1+dfsg3-0.1","jessie-security":"2.2.1+dfsg3-0.1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.1+dfsg3-1","repositories":{"sid":"2.2.1+dfsg3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3581":{"debianbug":378279,"scope":"remote","description":"Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.","releases":{"buster":{"fixed_version":"2.0.1-1","repositories":{"buster":"2.2.1+dfsg3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1","repositories":{"stretch":"2.2.1+dfsg3-0.4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1","repositories":{"jessie":"2.2.1+dfsg3-0.1","jessie-security":"2.2.1+dfsg3-0.1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.1-1","repositories":{"sid":"2.2.1+dfsg3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-0469":{"scope":"remote","description":"Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0594":{"scope":"remote","description":"In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3178":{"scope":"remote","description":"In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4183":{"scope":"remote","description":"A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5188":{"debianbug":900133,"scope":"remote","description":"The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.7.4-3","repositories":{"sid":"2.9.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12479":{"debianbug":911797,"scope":"remote","description":"A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.9.4-1","repositories":{"sid":"2.9.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9268":{"scope":"remote","description":"In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.9.4-2"},"urgency":"low","status":"open"}}}}
{"CVE-2011-4181":{"scope":"remote","description":"A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0796":{"scope":"local","description":"In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.7.1-10"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12466":{"debianbug":911797,"scope":"remote","description":"openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.9.4-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-12467":{"debianbug":911797,"scope":"remote","description":"Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.9.4-1","repositories":{"sid":"2.9.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7688":{"debianbug":903796,"scope":"remote","description":"A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.9.4-1","repositories":{"sid":"2.9.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7689":{"debianbug":903797,"scope":"remote","description":"Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.7.1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.9.4-1","repositories":{"sid":"2.9.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0864":{"scope":"remote","description":"Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.","releases":{"buster":{"fixed_version":"2.10.3p5-1","repositories":{"buster":"2.11.2p3~dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.3p5-1","repositories":{"stretch":"2.11.2p3~dfsg-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.3p5-1","repositories":{"jessie":"2.11.2p3~dfsg-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.3p5-1","repositories":{"sid":"2.11.2p3~dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0783":{"scope":"remote","description":"Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).","releases":{"buster":{"fixed_version":"2.4.9-2","repositories":{"buster":"2.24.32-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-2","repositories":{"stretch":"2.24.31-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-2","repositories":{"sid":"2.24.32-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0782":{"scope":"remote","description":"Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).","releases":{"buster":{"fixed_version":"2.4.9-2","repositories":{"buster":"2.24.32-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-2","repositories":{"stretch":"2.24.31-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-2","repositories":{"sid":"2.24.32-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3186":{"debianbug":339431,"scope":"remote","description":"Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.6.10-2","repositories":{"buster":"2.24.32-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.10-2","repositories":{"stretch":"2.24.31-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.10-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.10-2","repositories":{"sid":"2.24.32-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-1949":{"debianbug":738828,"scope":"local","description":"GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.24.32-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.24.31-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.24.32-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0788":{"scope":"remote","description":"Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.","releases":{"buster":{"fixed_version":"2.4.9-2","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-2","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.9-2","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0891":{"scope":"remote","description":"Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.","releases":{"buster":{"fixed_version":"2.6.4-1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.4-1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.4-1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.4-1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0848":{"scope":"local","description":"Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified \"relative search path.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.24.32-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.24.31-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.24.32-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4831":{"scope":"local","description":"Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.24.32-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.24.31-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.24.32-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7447":{"debianbug":799275,"scope":"remote","description":"Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.","releases":{"buster":{"fixed_version":"2.24.30-1.1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.24.30-1.1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.24.25-3+deb8u1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.24.30-1.1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4491":{"scope":"remote","description":"Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.","releases":{"buster":{"fixed_version":"2.21.5-1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.21.5-1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.21.5-1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.21.5-1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7673":{"scope":"remote","description":"io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.","releases":{"buster":{"fixed_version":"2.21.5-1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.21.5-1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.21.5-1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.21.5-1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2976":{"debianbug":339431,"scope":"remote","description":"Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.","releases":{"buster":{"fixed_version":"2.6.10-2","repositories":{"buster":"2.24.32-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.10-2","repositories":{"stretch":"2.24.31-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.10-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.10-2","repositories":{"sid":"2.24.32-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0732":{"scope":"local","description":"gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.","releases":{"buster":{"fixed_version":"2.18.5-1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.18.5-1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.18.5-1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.18.5-1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7674":{"scope":"remote","description":"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.21.5-1","repositories":{"buster":"2.24.32-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.21.5-1","repositories":{"stretch":"2.24.31-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.21.5-1","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.21.5-1","repositories":{"sid":"2.24.32-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2975":{"debianbug":339431,"scope":"remote","description":"io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.","releases":{"buster":{"fixed_version":"2.6.10-2","repositories":{"buster":"2.24.32-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.10-2","repositories":{"stretch":"2.24.31-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.10-2","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.10-2","repositories":{"sid":"2.24.32-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-0010":{"scope":"local","description":"The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.","releases":{"buster":{"fixed_version":"2.8.20-5","repositories":{"buster":"2.24.32-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.8.20-5","repositories":{"stretch":"2.24.31-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.8.20-5","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.8.20-5","repositories":{"sid":"2.24.32-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-4833":{"scope":"remote","description":"Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.24.32-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.24.31-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.24.25-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.24.32-3"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-DAA254":{"releases":{"buster":{"fixed_version":"2.8.2","repositories":{"buster":"5.8.4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.8.2","repositories":{"stretch":"5.3.6"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.8.2","repositories":{"jessie":"4.3.1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.8.2","repositories":{"sid":"5.8.4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-6614":{"debianbug":402644,"scope":"local","description":"The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.","releases":{"buster":{"fixed_version":"3.1.3","repositories":{"buster":"5.8.4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.3","repositories":{"stretch":"5.3.6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.3","repositories":{"jessie":"4.3.1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.3","repositories":{"sid":"5.8.4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5923":{"debianbug":859821,"scope":"remote","description":"libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.","releases":{"buster":{"fixed_version":"3.5.0+dfsg-9","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.0+dfsg-9","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0-2+deb8u1","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.0+dfsg-9","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10211":{"debianbug":859821,"scope":"remote","description":"libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.","releases":{"buster":{"fixed_version":"3.5.0+dfsg-9","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.0+dfsg-9","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0-2+deb8u1","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.0+dfsg-9","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10210":{"debianbug":859821,"scope":"remote","description":"libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.","releases":{"buster":{"fixed_version":"3.5.0+dfsg-9","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.0+dfsg-9","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0-2+deb8u1","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.0+dfsg-9","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8929":{"scope":"remote","description":"The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.","releases":{"buster":{"fixed_version":"3.6.0+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.0+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5924":{"debianbug":859821,"scope":"remote","description":"libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.","releases":{"buster":{"fixed_version":"3.5.0+dfsg-9","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.0+dfsg-9","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0-2+deb8u1","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.0+dfsg-9","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9304":{"debianbug":863842,"scope":"remote","description":"libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.","releases":{"buster":{"fixed_version":"3.6.1+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.1+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9438":{"debianbug":864518,"scope":"remote","description":"libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.","releases":{"buster":{"fixed_version":"3.6.1+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.1+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9465":{"debianbug":864517,"scope":"remote","description":"The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.","releases":{"buster":{"fixed_version":"3.6.2+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.2+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-8294":{"debianbug":861590,"scope":"remote","description":"libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.","releases":{"buster":{"fixed_version":"3.6.0+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.0+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12035":{"scope":"remote","description":"In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.","releases":{"buster":{"fixed_version":"3.7.1-3","repositories":{"buster":"3.9.0-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.7.1-3","repositories":{"sid":"3.10.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19976":{"debianbug":916932,"scope":"remote","description":"In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.","releases":{"buster":{"fixed_version":"3.8.1-2","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.8.1-2","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19975":{"debianbug":916932,"scope":"remote","description":"In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.","releases":{"buster":{"fixed_version":"3.8.1-2","repositories":{"buster":"3.9.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.8.1-2","repositories":{"sid":"3.10.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11328":{"scope":"remote","description":"Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.","releases":{"buster":{"fixed_version":"3.6.3+dfsg-1","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.6.3+dfsg-1","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19974":{"debianbug":916932,"scope":"remote","description":"In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).","releases":{"buster":{"fixed_version":"3.8.1-2","repositories":{"buster":"3.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.8.1-2","repositories":{"sid":"3.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12034":{"scope":"remote","description":"In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.","releases":{"buster":{"fixed_version":"3.7.1-3","repositories":{"buster":"3.9.0-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.5.0+dfsg-9"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.0-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.7.1-3","repositories":{"sid":"3.10.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-6508":{"scope":"remote","description":"Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.","releases":{"buster":{"repositories":{"buster":"6.1.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.3.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.2-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.1.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-2771":{"debianbug":278748,"scope":"remote","description":"The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.","releases":{"jessie":{"fixed_version":"12.5-3.1","repositories":{"jessie":"12.5-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7844":{"debianbug":773417,"releases":{"jessie":{"fixed_version":"12.5-3.1","repositories":{"jessie":"12.5-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-2672":{"debianbug":324193,"scope":"local","description":"pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.","releases":{"buster":{"fixed_version":"1:2.9.1-7","repositories":{"buster":"1:3.5.0-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:2.9.1-7","repositories":{"stretch":"1:3.4.0-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:2.9.1-7","repositories":{"jessie":"1:3.3.5-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:2.9.1-7","repositories":{"sid":"1:3.5.0-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2002-0875":{"scope":"local","description":"Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.","releases":{"buster":{"fixed_version":"2.6.8-1","repositories":{"buster":"2.7.0-17.3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.6.8-1","repositories":{"stretch":"2.7.0-17.2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.6.8-1","repositories":{"jessie":"2.7.0-17.1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.6.8-1","repositories":{"sid":"2.7.0-17.3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4488":{"scope":"remote","description":"libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.","releases":{"buster":{"repositories":{"buster":"1:1.12.2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:1.12.1-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:1.12.0-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:1.12.2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-4776":{"debianbug":503916,"scope":"remote","description":"libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.","releases":{"buster":{"fixed_version":"1:1.8.0+r592-3","repositories":{"buster":"1:1.12.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.8.0+r592-3","repositories":{"stretch":"1:1.12.1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.8.0+r592-3","repositories":{"jessie":"1:1.12.0-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.8.0+r592-3","repositories":{"sid":"1:1.12.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6487":{"scope":"remote","description":"Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1:1.11.3-1","repositories":{"buster":"1:1.12.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.11.3-1","repositories":{"stretch":"1:1.12.1-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.11.3-1","repositories":{"jessie":"1:1.12.0-5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.11.3-1","repositories":{"sid":"1:1.12.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3775":{"scope":"remote","description":"libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.","releases":{"buster":{"fixed_version":"1:1.12.0~rc3-1","repositories":{"buster":"1:1.12.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.12.0~rc3-1","repositories":{"stretch":"1:1.12.1-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.12.0~rc3-1","repositories":{"jessie":"1:1.12.0-5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.12.0~rc3-1","repositories":{"sid":"1:1.12.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1277":{"scope":"remote","description":"Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.","releases":{"buster":{"fixed_version":"0.80.1-4","repositories":{"buster":"0.95.8-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.80.1-4","repositories":{"stretch":"0.95.7-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.80.1-4","repositories":{"jessie":"0.95.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.80.1-4","repositories":{"sid":"0.95.8-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2714":{"scope":"remote","description":"Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.","releases":{"buster":{"fixed_version":"0.90-1","repositories":{"buster":"0.95.8-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.90-1","repositories":{"stretch":"0.95.7-8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.90-1","repositories":{"jessie":"0.95.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.90-1","repositories":{"sid":"0.95.8-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000140":{"scope":"remote","description":"rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.","releases":{"buster":{"fixed_version":"1.2.15-1","repositories":{"buster":"1.3.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.12-1+deb9u1","repositories":{"stretch-security":"1.2.12-1+deb9u1","stretch":"1.2.12-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.7-2+deb8u1","repositories":{"jessie":"1.2.7-2+deb8u1","jessie-security":"1.2.7-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.15-1","repositories":{"sid":"1.3.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-17540":{"scope":"remote","description":"The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.","releases":{"buster":{"fixed_version":"5.7.1-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4+deb9u4","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u8","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.7.1-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3991":{"scope":"remote","description":"strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.","releases":{"buster":{"fixed_version":"5.3.0-2","repositories":{"buster":"5.7.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.3.0-2","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.3.0-2","repositories":{"sid":"5.7.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4551":{"debianbug":502676,"scope":"remote","description":"strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).","releases":{"buster":{"fixed_version":"4.2.4-5","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-5","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-5","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.4-5","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16152":{"scope":"remote","description":"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.","releases":{"buster":{"fixed_version":"5.7.0-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4+deb9u3","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u7","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.7.0-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2388":{"scope":"remote","description":"The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka \"RSA signature verification vulnerability.\"","releases":{"buster":{"fixed_version":"4.5.2-1.4","repositories":{"buster":"5.7.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.5.2-1.4","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.5.2-1.4","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.5.2-1.4","repositories":{"sid":"5.7.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16151":{"scope":"remote","description":"In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.","releases":{"buster":{"fixed_version":"5.7.0-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4+deb9u3","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u7","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.7.0-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2054":{"scope":"remote","description":"Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records.  NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.","releases":{"buster":{"fixed_version":"4.3.4-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.4-1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.4-1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.4-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6076":{"scope":"remote","description":"strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.","releases":{"buster":{"fixed_version":"5.1.0-3","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.0-3","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.1.0-3","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.0-3","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6075":{"scope":"remote","description":"The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an \"insufficient length check\" during identity comparison.","releases":{"buster":{"fixed_version":"5.1.0-3","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.0-3","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.1.0-3","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.0-3","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2338":{"scope":"remote","description":"IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.","releases":{"buster":{"fixed_version":"5.1.2-4","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.2-4","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.1.2-4","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.2-4","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0790":{"debianbug":521949,"scope":"remote","description":"The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.","releases":{"buster":{"fixed_version":"4.2.14-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.2.14-1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.2.14-1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.2.14-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-9221":{"scope":"remote","description":"strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.","releases":{"buster":{"fixed_version":"5.2.1-5","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.1-5","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-5","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.1-5","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2891":{"scope":"remote","description":"strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.","releases":{"buster":{"fixed_version":"5.1.2-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.2-1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.1.2-1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.2-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11185":{"debianbug":872155,"scope":"remote","description":"The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.","releases":{"buster":{"fixed_version":"5.6.0-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4+deb9u1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u5","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.6.0-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8023":{"scope":"remote","description":"The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.","releases":{"buster":{"fixed_version":"5.3.3-3","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.3.3-3","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u2","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.3.3-3","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9022":{"scope":"remote","description":"The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.","releases":{"buster":{"fixed_version":"5.5.1-4","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u3","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.5.1-4","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9023":{"scope":"remote","description":"The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.","releases":{"buster":{"fixed_version":"5.5.1-4","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u3","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.5.1-4","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6459":{"scope":"remote","description":"The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.","releases":{"buster":{"fixed_version":"5.6.2-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.6.2-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5389":{"scope":"remote","description":"The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.","releases":{"buster":{"repositories":{"buster":"5.7.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.7.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-5388":{"scope":"remote","description":"In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.","releases":{"buster":{"fixed_version":"5.6.3-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"needs root priv for access to the stroke socket","fixed_version":"5.5.1-4+deb9u2","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"jessie":{"nodsa":"needs root priv for access to the stroke socket","fixed_version":"5.2.1-6+deb8u6","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"5.6.3-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1957":{"debianbug":531612,"scope":"remote","description":"charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers \"an incomplete state,\" followed by a CREATE_CHILD_SA request.","releases":{"buster":{"fixed_version":"4.2.14-1.1","repositories":{"buster":"5.7.2-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.2.14-1.1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.2.14-1.1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.2.14-1.1","repositories":{"sid":"5.7.2-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-1958":{"debianbug":531612,"scope":"remote","description":"charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.","releases":{"buster":{"fixed_version":"4.2.14-1.1","repositories":{"buster":"5.7.2-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.2.14-1.1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.2.14-1.1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.2.14-1.1","repositories":{"sid":"5.7.2-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-5018":{"scope":"remote","description":"The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.7.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.7.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2661":{"debianbug":540144,"scope":"remote","description":"The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data.  NOTE: this is due to an incomplete fix for CVE-2009-2185.","releases":{"buster":{"fixed_version":"4.3.2-1.1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.2-1.1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.2-1.1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.2-1.1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4171":{"scope":"remote","description":"strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.","releases":{"buster":{"fixed_version":"5.3.1-1","repositories":{"buster":"5.7.2-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.3.1-1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.3.1-1","repositories":{"sid":"5.7.2-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-10811":{"scope":"remote","description":"strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.","releases":{"buster":{"fixed_version":"5.6.3-1","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.1-4+deb9u2","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-6+deb8u6","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.6.3-1","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2628":{"scope":"remote","description":"The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"5.7.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"5.7.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2185":{"debianbug":533837,"scope":"remote","description":"The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.","releases":{"buster":{"fixed_version":"4.2.14-1.2","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.14-1.2","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.14-1.2","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.14-1.2","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2944":{"scope":"remote","description":"strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.","releases":{"buster":{"fixed_version":"4.6.4-7","repositories":{"buster":"5.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.4-7","repositories":{"stretch-security":"5.5.1-4+deb9u4","stretch":"5.5.1-4+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.6.4-7","repositories":{"jessie":"5.2.1-6+deb8u6","jessie-security":"5.2.1-6+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.4-7","repositories":{"sid":"5.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5735":{"debianbug":863469,"scope":"remote","description":"Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.5.0-2","repositories":{"buster":"2.12.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.0-2","repositories":{"stretch":"2.5.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.3.0-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.5.0-2","repositories":{"sid":"2.12.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5694":{"debianbug":796108,"releases":{"buster":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"buster":"1:7.0.0-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"stretch":"1:3.0.0-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2014.1-18+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"sid":"1:7.0.0-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-5695":{"debianbug":796108,"scope":"remote","description":"Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.","releases":{"buster":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"buster":"1:7.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"stretch":"1:3.0.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2014.1-18+deb8u1","repositories":{"jessie":"2014.1-18+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2015.1.0+2015.08.26.git34.9fa07c5798-1","repositories":{"sid":"1:7.0.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4810":{"scope":"remote","description":"The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.","releases":{"buster":{"fixed_version":"2.5.4-1","repositories":{"buster":"4.1.4-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.5.4-1","repositories":{"stretch":"4.1.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.5.4-1","repositories":{"jessie":"3.1.0-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5.4-1","repositories":{"sid":"4.1.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-2410":{"scope":"local","description":"Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).","releases":{"buster":{"fixed_version":"2.0.2","repositories":{"buster":"4.1.4-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.0.2","repositories":{"stretch":"4.1.4-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.0.2","repositories":{"jessie":"3.1.0-7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.0.2","repositories":{"sid":"4.1.4-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-2409":{"scope":"local","description":"Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode (\"-t update\"), might allow attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"2.0.2","repositories":{"buster":"4.1.4-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.2","repositories":{"stretch":"4.1.4-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.2","repositories":{"jessie":"3.1.0-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.2","repositories":{"sid":"4.1.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14054":{"debianbug":903859,"scope":"remote","description":"A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-14379":{"debianbug":904898,"scope":"remote","description":"MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-14326":{"debianbug":904900,"scope":"remote","description":"In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-14403":{"debianbug":904897,"scope":"remote","description":"MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substrings of atom names, leading to use of an inappropriate data type for associated atoms. The resulting type confusion can cause out-of-bounds memory access.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-14325":{"debianbug":904901,"scope":"remote","description":"In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-14446":{"debianbug":904896,"scope":"remote","description":"MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted MP4 file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-17236":{"debianbug":909277,"scope":"remote","description":"The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2018-17235":{"debianbug":909278,"scope":"remote","description":"The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2018-7339":{"debianbug":893544,"scope":"remote","description":"The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0~dfsg0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.0~dfsg0-3"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2011-1756":{"scope":"remote","description":"modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.","releases":{"buster":{"fixed_version":"8.04-1","repositories":{"buster":"917-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.04-1","repositories":{"stretch":"902-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.04-1","repositories":{"jessie":"8.24-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.04-1","repositories":{"sid":"917-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-3930":{"debianbug":496359,"scope":"local","description":"migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"7.37-3","repositories":{"buster":"917-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.37-3","repositories":{"stretch":"902-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.37-3","repositories":{"jessie":"8.24-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.37-3","repositories":{"sid":"917-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12558":{"debianbug":901873,"scope":"remote","description":"The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\").","releases":{"buster":{"fixed_version":"1.912-1","repositories":{"buster":"1.912-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.908-1+deb9u1","repositories":{"stretch":"1.908-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"1.905-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.912-1","repositories":{"sid":"1.912-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4720":{"scope":"remote","description":"Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.","releases":{"buster":{"fixed_version":"1.905-1","repositories":{"buster":"1.912-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.905-1","repositories":{"stretch":"1.908-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.905-1","repositories":{"jessie":"1.905-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.905-1","repositories":{"sid":"1.912-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7686":{"debianbug":868170,"scope":"remote","description":"Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.","releases":{"buster":{"fixed_version":"1.912-1","repositories":{"buster":"1.912-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.908-1+deb9u1","repositories":{"stretch":"1.908-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.905-2"},"urgency":"unimportant","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.912-1","repositories":{"sid":"1.912-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0477":{"scope":"remote","description":"The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.","releases":{"buster":{"fixed_version":"1.905-1","repositories":{"buster":"1.912-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.905-1","repositories":{"stretch":"1.908-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.905-1","repositories":{"jessie":"1.905-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.905-1","repositories":{"sid":"1.912-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-F41FA7":{"releases":{"buster":{"fixed_version":"1.908-1","repositories":{"buster":"1.912-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.908-1","repositories":{"stretch":"1.908-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue vs. usability impact of module","repositories":{"jessie":"1.905-2"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.908-1","repositories":{"sid":"1.912-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-4099":{"debianbug":490217,"scope":"remote","description":"PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.","releases":{"buster":{"fixed_version":"2.3.1-5","repositories":{"buster":"2.3.6-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.1-5","repositories":{"stretch":"2.3.6-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.1-5","repositories":{"jessie":"2.3.6-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.1-5","repositories":{"sid":"2.3.6-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1447":{"debianbug":490123,"scope":"remote","description":"The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"","releases":{"buster":{"fixed_version":"2.3.1-5","repositories":{"buster":"2.3.6-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.1-5","repositories":{"stretch":"2.3.6-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.1-5","repositories":{"jessie":"2.3.6-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.1-5","repositories":{"sid":"2.3.6-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4126":{"debianbug":490217,"scope":"remote","description":"PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.","releases":{"buster":{"fixed_version":"2.3.1-5","repositories":{"buster":"2.3.6-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3.1-5","repositories":{"stretch":"2.3.6-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3.1-5","repositories":{"jessie":"2.3.6-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3.1-5","repositories":{"sid":"2.3.6-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3355":{"debianbug":598288,"scope":"local","description":"Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"stretch":{"fixed_version":"0.5.7-1.1","repositories":{"stretch":"0.7.2+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.5.7-1.1","repositories":{"jessie":"0.6.2+dfsg-2.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.5.7-1.1","repositories":{"sid":"0.7.2+dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-5461":{"scope":"remote","description":"Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.","releases":{"buster":{"fixed_version":"5.2.3-1","repositories":{"buster":"5.2.4-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.3-1","repositories":{"stretch":"5.2.4-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.2.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.3-1","repositories":{"sid":"5.2.4-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6706":{"debianbug":920321,"scope":"remote","description":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.2.4-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.2.4-1.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.3-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.2.4-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4973":{"debianbug":848704,"scope":"local","description":"Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"6.3.0-18+deb9u1","stretch":"6.3.0-18+deb9u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11671":{"scope":"local","description":"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.","releases":{"stretch":{"fixed_version":"6.3.0-12","repositories":{"stretch-security":"6.3.0-18+deb9u1","stretch":"6.3.0-18+deb9u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-5461":{"scope":"remote","description":"Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.","releases":{"buster":{"fixed_version":"5.1.5-7","repositories":{"buster":"5.1.5-8.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.1.5-7","repositories":{"stretch":"5.1.5-8.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.1.5-7","repositories":{"jessie":"5.1.5-7.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.1.5-7","repositories":{"sid":"5.1.5-8.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6706":{"debianbug":920321,"scope":"remote","description":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.1.5-8.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.1.5-8.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.1.5-7.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.1.5-8.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6706":{"debianbug":920321,"scope":"remote","description":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","releases":{"buster":{"nodsa":"Minor issue, revisit when fixed upstream","repositories":{"buster":"5.3.3-1.1"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"stretch":{"nodsa":"Minor issue, revisit when fixed upstream","repositories":{"stretch":"5.3.3-1"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"repositories":{"sid":"5.3.3-1.1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2006-1695":{"debianbug":361370,"scope":"local","description":"The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].","releases":{"buster":{"fixed_version":"2.05-1","repositories":{"buster":"2.10-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.05-1","repositories":{"stretch":"2.10-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.05-1","repositories":{"jessie":"2.09-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.05-1","repositories":{"sid":"2.10-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2006-3119":{"scope":"remote","description":"The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.","releases":{"buster":{"fixed_version":"2.05-1","repositories":{"buster":"2.10-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.05-1","repositories":{"stretch":"2.10-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.05-1","repositories":{"jessie":"2.09-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.05-1","repositories":{"sid":"2.10-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000223":{"debianbug":905491,"scope":"remote","description":"soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17098":{"debianbug":913894,"scope":"remote","description":"The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17096":{"scope":"remote","description":"The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17097":{"debianbug":913895,"scope":"remote","description":"The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9258":{"debianbug":870854,"scope":"remote","description":"The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.","releases":{"buster":{"fixed_version":"1.9.2-3","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-2+deb9u1","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.0-1+deb8u1","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.2-3","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9259":{"debianbug":870856,"scope":"remote","description":"The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.","releases":{"buster":{"fixed_version":"1.9.2-3","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-2+deb9u1","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.0-1+deb8u1","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-3","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14045":{"debianbug":905504,"scope":"remote","description":"The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9260":{"debianbug":870857,"scope":"remote","description":"The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.","releases":{"buster":{"fixed_version":"1.9.2-3","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-2+deb9u1","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.0-1+deb8u1","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.2-3","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14044":{"debianbug":905504,"scope":"remote","description":"The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.","releases":{"buster":{"fixed_version":"2.1.2+ds1-1","repositories":{"buster":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.9.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.0-1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.2+ds1-1","repositories":{"sid":"2.1.2+ds1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1254":{"scope":"remote","description":"James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.","releases":{"buster":{"fixed_version":"2.1.17-1","repositories":{"buster":"2.1.19-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.17-1","repositories":{"stretch":"2.1.19-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.17-1","repositories":{"jessie":"2.1.17-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.17-1","repositories":{"sid":"2.1.19-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1253":{"scope":"local","description":"James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.","releases":{"buster":{"fixed_version":"2.1.17-1","repositories":{"buster":"2.1.19-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.17-1","repositories":{"stretch":"2.1.19-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.17-1","repositories":{"jessie":"2.1.17-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.17-1","repositories":{"sid":"2.1.19-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6049":{"scope":"local","description":"apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.","releases":{"buster":{"fixed_version":"0.1.10","repositories":{"buster":"0.1.28"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.10","repositories":{"stretch":"0.1.22"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.10","repositories":{"jessie":"0.1.16"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.10","repositories":{"sid":"0.1.28"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9584":{"debianbug":852034,"scope":"remote","description":"libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5825":{"scope":"remote","description":"The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5824":{"debianbug":860451,"scope":"remote","description":"libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5827":{"scope":"remote","description":"The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5826":{"scope":"remote","description":"The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5823":{"scope":"remote","description":"The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.","releases":{"stretch":{"fixed_version":"1.0-1","repositories":{"stretch":"2.0.0-0.5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-1","repositories":{"jessie":"1.0-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-2552":{"debianbug":343560,"scope":"local","description":"Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries.  Therefore this may not be a vulnerability.","releases":{"buster":{"fixed_version":"4.2.7-3","repositories":{"buster":"4.9.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.2.7-3","repositories":{"stretch":"4.9.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.2.7-3","repositories":{"jessie":"4.8.0-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.2.7-3","repositories":{"sid":"4.9.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3378":{"debianbug":598422,"scope":"local","description":"The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"5.2.2-8","repositories":{"buster":"6.0.1-9"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.2-8","repositories":{"stretch":"5.5.2-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.2-8","repositories":{"jessie":"5.5.1-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.2-8","repositories":{"sid":"6.0.1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4983":{"debianbug":496414,"scope":"local","description":"scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.","releases":{"buster":{"fixed_version":"4.1.2-6","repositories":{"buster":"6.0.1-9"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.1.2-6","repositories":{"stretch":"5.5.2-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.1.2-6","repositories":{"jessie":"5.5.1-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.1.2-6","repositories":{"sid":"6.0.1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2532":{"debianbug":591409,"scope":"local","description":"** DISPUTED **  lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action.  NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.","releases":{"buster":{"fixed_version":"0.4.4-3","repositories":{"buster":"0.5.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.4-3","repositories":{"stretch":"0.5.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.4-3","repositories":{"jessie":"0.5.1-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.4-3","repositories":{"sid":"0.5.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3369":{"debianbug":645324,"scope":"remote","description":"The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c.","releases":{"buster":{"fixed_version":"0.9.12-1","repositories":{"buster":"0.9.18-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.12-1","repositories":{"stretch":"0.9.13-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.12-1","repositories":{"jessie":"0.9.13-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.12-1","repositories":{"sid":"0.9.18-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-2196":{"scope":"local","description":"Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.","releases":{"buster":{"fixed_version":"0.3.1-6","repositories":{"buster":"0.3.1-14.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.1-6","repositories":{"stretch":"0.3.1-13.6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.1-6","repositories":{"jessie":"0.3.1-13.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.1-6","repositories":{"sid":"0.3.1-14.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"0.3.1-11","repositories":{"buster":"0.3.1-14.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3.1-11","repositories":{"stretch":"0.3.1-13.6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.3.1-11","repositories":{"jessie":"0.3.1-13.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.3.1-11","repositories":{"sid":"0.3.1-14.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6173":{"debianbug":830806,"scope":"remote","description":"NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.","releases":{"buster":{"fixed_version":"4.1.11-1","repositories":{"buster":"4.1.26-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.11-1","repositories":{"stretch":"4.1.14-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"4.1.0-3"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"4.1.11-1","repositories":{"sid":"4.1.26-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1755":{"debianbug":529418,"scope":"remote","description":"Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.","releases":{"buster":{"fixed_version":"2.3.7-3","repositories":{"buster":"4.1.26-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.7-3","repositories":{"stretch":"4.1.14-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.7-3","repositories":{"jessie":"4.1.0-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.7-3","repositories":{"sid":"4.1.26-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-2224":{"scope":"remote","description":"The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply.","releases":{"buster":{"repositories":{"buster":"1.0.31-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.20-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.32-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.31-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2225":{"scope":"remote","description":"The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet.","releases":{"buster":{"repositories":{"buster":"1.0.31-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.20-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.32-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.31-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-6264":{"debianbug":811275,"scope":"remote","description":"Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function.","releases":{"buster":{"repositories":{"buster":"1.0.31-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.20-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.32-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.31-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9728":{"scope":"remote","description":"In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.","releases":{"buster":{"repositories":{"buster":"1.0.31-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.20-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.32-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.31-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9729":{"scope":"remote","description":"In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.","releases":{"buster":{"repositories":{"buster":"1.0.31-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.20-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.32-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.31-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-4662":{"scope":"remote","description":"The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the \"second layer\" of the API, related to contact.getquick.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4661":{"scope":"remote","description":"CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the \"access CiviCRM\" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the \"access CiviContribute\" permission.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-5239":{"scope":"remote","description":"CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0887330-0F8779":{"debianbug":887330,"releases":{"sid":{"fixed_version":"4.7.30+dfsg-1","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1999022":{"debianbug":904215,"scope":"remote","description":"PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.","releases":{"sid":{"fixed_version":"5.3.1+dfsg-1","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5957":{"scope":"remote","description":"Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"5.11.0+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1292":{"debianbug":471380,"scope":"remote","description":"ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.","releases":{"buster":{"fixed_version":"1.0.5-0.1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-0.1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-0.1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-0.1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1291":{"debianbug":471380,"scope":"remote","description":"ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.","releases":{"buster":{"fixed_version":"1.0.5-0.1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-0.1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-0.1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-0.1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1290":{"debianbug":471380,"scope":"remote","description":"ViewVC before 1.0.5 includes \"all-forbidden\" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.","releases":{"buster":{"fixed_version":"1.0.5-0.1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-0.1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-0.1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-0.1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3357":{"debianbug":679069,"scope":"remote","description":"The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\"","releases":{"buster":{"fixed_version":"1.1.5-1.3","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1.3","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1.3","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1.3","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3356":{"debianbug":679069,"scope":"remote","description":"The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.","releases":{"buster":{"fixed_version":"1.1.5-1.3","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1.3","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1.3","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1.3","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4533":{"debianbug":691062,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the \"extra\" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the \"function name\" line.","releases":{"buster":{"fixed_version":"1.1.5-1.4","repositories":{"buster":"1.1.26-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1.4","repositories":{"stretch":"1.1.26-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1.4","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.5-1.4","repositories":{"sid":"1.1.26-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4325":{"debianbug":500779,"scope":"remote","description":"lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object.  NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.","releases":{"buster":{"fixed_version":"1.0.9-1","repositories":{"buster":"1.1.26-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.9-1","repositories":{"stretch":"1.1.26-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.9-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.9-1","repositories":{"sid":"1.1.26-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3618":{"debianbug":545779,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.0.9-1","repositories":{"buster":"1.1.26-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.9-1","repositories":{"stretch":"1.1.26-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.9-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.9-1","repositories":{"sid":"1.1.26-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3619":{"debianbug":545779,"scope":"remote","description":"Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to \"printing illegal parameter names and values.\"","releases":{"buster":{"fixed_version":"1.0.9-1","repositories":{"buster":"1.1.26-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.9-1","repositories":{"stretch":"1.1.26-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.9-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.9-1","repositories":{"sid":"1.1.26-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5938":{"debianbug":854681,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.","releases":{"buster":{"fixed_version":"1.1.26-1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.26-1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.22-1+deb8u1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.26-1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0132":{"debianbug":576307,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to \"search_re input,\" a different vulnerability than CVE-2010-0736.","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.26-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.26-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.26-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2006-5442":{"debianbug":397669,"scope":"remote","description":"ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.","releases":{"buster":{"fixed_version":"1.0.3-1","repositories":{"buster":"1.1.26-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.3-1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.3-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.3-1","repositories":{"sid":"1.1.26-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-5024":{"debianbug":671482,"scope":"remote","description":"ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a \"query revision history\" request.","releases":{"buster":{"fixed_version":"1.1.5-1.3","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1.3","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1.3","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1.3","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4831":{"scope":"remote","description":"viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) \"text/html\", or (2) \"image/jpeg\" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062.  NOTE: it was later reported that 0.9.4 is also affected.","releases":{"buster":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"buster":"1.1.26-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"stretch":"1.1.26-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"sid":"1.1.26-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4830":{"scope":"remote","description":"CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.","releases":{"buster":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"buster":"1.1.26-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"stretch":"1.1.26-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.4+svn20060318-1","repositories":{"sid":"1.1.26-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0736":{"debianbug":575787,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via \"user-provided input.\"","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5743":{"debianbug":416696,"releases":{"buster":{"fixed_version":"1.0.3-2.1","repositories":{"buster":"1.1.26-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.3-2.1","repositories":{"stretch":"1.1.26-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.0.3-2.1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0.3-2.1","repositories":{"sid":"1.1.26-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2010-0005":{"debianbug":575777,"scope":"remote","description":"query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.26-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.26-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.26-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0004":{"debianbug":575777,"scope":"remote","description":"ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.26-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.1.22-1+deb8u1","jessie-security":"1.1.22-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9622":{"debianbug":773085,"scope":"remote","description":"Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.","releases":{"buster":{"fixed_version":"1.1.0~rc1+git20111210-7.3","repositories":{"buster":"1.1.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0~rc1+git20111210-7.3","repositories":{"stretch-security":"1.1.1-1+deb9u1","stretch":"1.1.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.0~rc1+git20111210-7.3","repositories":{"jessie":"1.1.0~rc1+git20111210-7.4+deb8u1","jessie-security":"1.1.0~rc1+git20111210-7.4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0~rc1+git20111210-7.3","repositories":{"sid":"1.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-18266":{"debianbug":898317,"scope":"remote","description":"The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.","releases":{"buster":{"fixed_version":"1.1.3-1","repositories":{"buster":"1.1.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.1-1+deb9u1","repositories":{"stretch-security":"1.1.1-1+deb9u1","stretch":"1.1.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.0~rc1+git20111210-7.4+deb8u1","repositories":{"jessie":"1.1.0~rc1+git20111210-7.4+deb8u1","jessie-security":"1.1.0~rc1+git20111210-7.4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.3-1","repositories":{"sid":"1.1.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0068":{"scope":"remote","description":"Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.1-1+deb9u1","stretch":"1.1.1-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.1.0~rc1+git20111210-7.4+deb8u1","jessie-security":"1.1.0~rc1+git20111210-7.4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1877":{"debianbug":777722,"releases":{"buster":{"fixed_version":"1.1.0~rc1+git20111210-7.4","repositories":{"buster":"1.1.3-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.1.0~rc1+git20111210-7.4","repositories":{"stretch-security":"1.1.1-1+deb9u1","stretch":"1.1.1-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.1.0~rc1+git20111210-7.4","repositories":{"jessie":"1.1.0~rc1+git20111210-7.4+deb8u1","jessie-security":"1.1.0~rc1+git20111210-7.4+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.1.0~rc1+git20111210-7.4","repositories":{"sid":"1.1.3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-0386":{"scope":"remote","description":"Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.1-1+deb9u1","stretch":"1.1.1-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.1.0~rc1+git20111210-7.4+deb8u1","jessie-security":"1.1.0~rc1+git20111210-7.4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0118":{"scope":"remote","description":"The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.","releases":{"buster":{"fixed_version":"2.4.10-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0117":{"scope":"remote","description":"The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.","releases":{"buster":{"fixed_version":"2.4.10-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3607":{"scope":"local","description":"Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.2.21-4","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.21-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.21-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.21-4","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4415":{"scope":"local","description":"The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the \"len +=\" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.","releases":{"buster":{"fixed_version":"2.4.1-1","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.1-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.1-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.1-1","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0942":{"scope":"remote","description":"Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.","releases":{"buster":{"fixed_version":"2.0.52-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.52-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.52-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.52-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2970":{"debianbug":340337,"scope":"remote","description":"Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.","releases":{"buster":{"fixed_version":"2.0.55-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.55-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.55-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.55-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0786":{"scope":"remote","description":"The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.","releases":{"buster":{"fixed_version":"2.0.51","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.51","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.51","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.51","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0231":{"scope":"remote","description":"The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.","releases":{"buster":{"fixed_version":"2.4.10-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5387":{"scope":"remote","description":"The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.","releases":{"buster":{"fixed_version":"2.4.23-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.23-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.23-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0535886-8B62DC":{"debianbug":535886,"releases":{"buster":{"fixed_version":"2.2.9-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0254":{"scope":"remote","description":"Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.","releases":{"buster":{"fixed_version":"2.0.47","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.47","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.47","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.47","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0134":{"scope":"remote","description":"Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.","releases":{"buster":{"fixed_version":"2.0.46","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.46","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.46","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.46","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0253":{"scope":"remote","description":"The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.","releases":{"buster":{"fixed_version":"2.0.47","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.47","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.47","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.47","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0132":{"scope":"remote","description":"A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.","releases":{"buster":{"fixed_version":"2.0.45","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.45","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.45","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.45","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1048":{"scope":"local","description":"The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.","releases":{"buster":{"fixed_version":"2.2.22-13","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.22-13","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.22-13","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.22-13","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-1581":{"debianbug":570740,"scope":"remote","description":"The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-4979":{"scope":"remote","description":"The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the \"SSLVerifyClient require\" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation.","releases":{"buster":{"fixed_version":"2.4.23-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.23-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.23-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-1580":{"debianbug":570740,"scope":"remote","description":"The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3583":{"scope":"remote","description":"The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.","releases":{"buster":{"fixed_version":"2.4.10-8","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.10-8","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.10-8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.10-8","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-4110":{"scope":"remote","description":"Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3581":{"scope":"remote","description":"The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.","releases":{"buster":{"fixed_version":"2.4.10-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0455":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-4975":{"scope":"remote","description":"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-0456":{"scope":"remote","description":"CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-6423":{"scope":"remote","description":"** DISPUTED **  Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL.  NOTE: the vendor could not reproduce this issue.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-6420":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.9-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6388":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0654":{"scope":"remote","description":"Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.","releases":{"buster":{"fixed_version":"2.0.40","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.40","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.40","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.40","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6421":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6422":{"scope":"remote","description":"The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3304":{"scope":"local","description":"Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"","releases":{"buster":{"fixed_version":"2.2.4-2","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.4-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.4-2","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3303":{"scope":"local","description":"Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes.  NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-3185":{"scope":"remote","description":"The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.","releases":{"buster":{"fixed_version":"2.4.16-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.16-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.16-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3183":{"scope":"remote","description":"The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.","releases":{"buster":{"fixed_version":"2.4.16-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.16-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.16-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4558":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.","releases":{"buster":{"fixed_version":"2.2.22-13","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-13","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-13","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-13","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3502":{"scope":"remote","description":"The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4557":{"scope":"remote","description":"The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.","releases":{"buster":{"fixed_version":"2.2.22-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.22-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.22-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.22-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0789":{"scope":"remote","description":"mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.","releases":{"buster":{"fixed_version":"2.0.48","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.48","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.48","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.48","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12171":{"scope":"remote","description":"A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0542":{"scope":"local","description":"Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.","releases":{"buster":{"fixed_version":"2.0.48","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.48","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.48","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.48","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0226":{"scope":"remote","description":"Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.","releases":{"buster":{"fixed_version":"2.4.10-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8109":{"scope":"remote","description":"mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.","releases":{"buster":{"fixed_version":"2.4.10-9","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.10-9","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-9","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.10-9","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0020":{"scope":"remote","description":"Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.","releases":{"buster":{"fixed_version":"2.0.49","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.49","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.49","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.49","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2068":{"scope":"remote","description":"mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15710":{"scope":"remote","description":"In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1850":{"scope":"remote","description":"mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.","releases":{"buster":{"fixed_version":"2.0.42-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.42-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.42-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.42-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15715":{"scope":"remote","description":"In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1333":{"debianbug":904106,"scope":"remote","description":"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).","releases":{"buster":{"fixed_version":"2.4.34-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u6","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.34-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0392":{"scope":"remote","description":"Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.","releases":{"buster":{"fixed_version":"2.0.37","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.37","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.37","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.37","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-0211":{"scope":"local","description":"In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.","releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6438":{"scope":"remote","description":"The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0215":{"scope":"remote","description":"In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.","releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0217":{"scope":"remote","description":"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u14","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0192":{"scope":"remote","description":"Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite.","releases":{"buster":{"fixed_version":"2.0.47","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.47","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.47","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.47","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6203":{"scope":"remote","description":"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.","releases":{"buster":{"fixed_version":"2.2.6-3","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.6-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.6-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.6-3","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0883":{"scope":"local","description":"envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-1344":{"debianbug":322604,"scope":"remote","description":"Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument.  NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program.  Therefore this may not be a vulnerability.","releases":{"buster":{"fixed_version":"2.0.54-3","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.54-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.54-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.54-3","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3918":{"debianbug":381376,"scope":"remote","description":"http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.","releases":{"buster":{"fixed_version":"2.0.55-4.1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.55-4.1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.55-4.1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.55-4.1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1592":{"scope":"remote","description":"The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.","releases":{"buster":{"fixed_version":"2.0.36","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.36","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.36","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.36","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3847":{"debianbug":441845,"scope":"remote","description":"The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.","releases":{"buster":{"fixed_version":"2.2.6-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.6-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.6-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.6-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0245":{"scope":"remote","description":"Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.","releases":{"buster":{"fixed_version":"2.0.46","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.46","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.46","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.46","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2168":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8743":{"scope":"remote","description":"Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8740":{"debianbug":847124,"scope":"remote","description":"The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0220":{"releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u14","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-2249":{"scope":"remote","description":"mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.","releases":{"buster":{"fixed_version":"2.4.6-1","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.6-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.6-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.6-1","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0083":{"scope":"remote","description":"Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.","releases":{"buster":{"fixed_version":"2.0.46","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.46","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.46","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.46","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2728":{"debianbug":326435,"scope":"remote","description":"The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.","releases":{"buster":{"fixed_version":"2.0.54-5","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.54-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.54-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.54-5","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-8011":{"debianbug":904107,"scope":"remote","description":"By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).","releases":{"buster":{"fixed_version":"2.4.34-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.34-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1593":{"scope":"remote","description":"mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.","releases":{"buster":{"fixed_version":"2.0.42","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.42","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.42","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.42","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0661":{"scope":"remote","description":"Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \\ (backslash) characters.","releases":{"buster":{"fixed_version":"2.0.40","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.40","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.40","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.40","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0253":{"scope":"remote","description":"The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-1307":{"scope":"local","description":"** DISPUTED **  The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port.  NOTE: the PHP developer has disputed this vulnerability, saying \"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\"","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-0190":{"debianbug":920220,"scope":"remote","description":"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.","releases":{"buster":{"fixed_version":"2.4.38-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3499":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.","releases":{"buster":{"fixed_version":"2.2.22-13","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-13","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-13","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-13","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2687":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.","releases":{"buster":{"fixed_version":"2.2.22-8","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-8","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-8","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0408":{"scope":"remote","description":"The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.","releases":{"buster":{"fixed_version":"2.2.15-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.15-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.15-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.15-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0748":{"scope":"remote","description":"mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.","releases":{"buster":{"fixed_version":"2.0.51","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.51","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.51","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.51","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4352":{"scope":"remote","description":"The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.","releases":{"buster":{"fixed_version":"2.4.7-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.7-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.7-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.7-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0747":{"scope":"local","description":"Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.","releases":{"buster":{"fixed_version":"2.0.51","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.51","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.51","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.51","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0197":{"releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-3368":{"scope":"remote","description":"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.","releases":{"buster":{"fixed_version":"2.2.21-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.21-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.21-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.21-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-0196":{"releases":{"buster":{"fixed_version":"2.4.38-3","repositories":{"buster":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-3","repositories":{"sid":"2.4.38-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-3747":{"debianbug":380182,"scope":"remote","description":"Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.","releases":{"buster":{"fixed_version":"2.0.55-4.1","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.55-4.1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.55-4.1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.55-4.1","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-1834":{"scope":"local","description":"mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.","releases":{"buster":{"fixed_version":"2.0.53-1","repositories":{"buster":"2.4.38-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.0.53-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.0.53-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.0.53-1","repositories":{"sid":"2.4.38-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2001-1534":{"debianbug":328919,"scope":"local","description":"mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9788":{"debianbug":868467,"scope":"remote","description":"In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.","releases":{"buster":{"fixed_version":"2.4.27-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u10","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.27-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9789":{"scope":"remote","description":"When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3167":{"scope":"remote","description":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.","releases":{"buster":{"fixed_version":"2.4.25-4","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u9","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.25-4","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2791":{"scope":"remote","description":"mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.  NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.","releases":{"buster":{"fixed_version":"2.2.9-10","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-10","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-10","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-10","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-3169":{"scope":"remote","description":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","releases":{"buster":{"fixed_version":"2.4.25-4","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u9","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.25-4","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1546":{"scope":"remote","description":"The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows.","releases":{"buster":{"fixed_version":"2.4.20-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.20-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.20-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0086":{"scope":"remote","description":"** DISPUTED **  The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment.  NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-0736":{"scope":"remote","description":"In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0021":{"scope":"remote","description":"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.","releases":{"buster":{"fixed_version":"2.2.22-1","repositories":{"buster":"2.4.38-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.2.22-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.2.22-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.2.22-1","repositories":{"sid":"2.4.38-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-1623":{"scope":"remote","description":"Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.","releases":{"buster":{"fixed_version":"2.2.16-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.16-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.16-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.16-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1312":{"scope":"remote","description":"In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3675":{"scope":"remote","description":"The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0113":{"scope":"remote","description":"Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.","releases":{"buster":{"fixed_version":"2.0.52","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.52","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.52","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.52","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0751":{"scope":"remote","description":"The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).","releases":{"buster":{"fixed_version":"2.0.50-11","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.50-11","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.50-11","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.50-11","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1283":{"scope":"remote","description":"In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-3352":{"debianbug":343466,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.","releases":{"buster":{"fixed_version":"2.0.55-4","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.55-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.55-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.55-4","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7659":{"scope":"remote","description":"A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.","releases":{"buster":{"fixed_version":"2.4.25-4","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.25-4","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0189":{"scope":"remote","description":"The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.","releases":{"buster":{"fixed_version":"2.0.46","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.46","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.46","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.46","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5752":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.","releases":{"buster":{"fixed_version":"2.2.4-2","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.4-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.4-2","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1452":{"scope":"remote","description":"The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.","releases":{"buster":{"fixed_version":"2.2.16-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.16-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.16-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.16-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1896":{"debianbug":717272,"scope":"remote","description":"mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.","releases":{"buster":{"fixed_version":"2.4.6-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.6-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.6-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.6-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9798":{"debianbug":876109,"scope":"remote","description":"Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.","releases":{"buster":{"fixed_version":"2.4.27-6","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u11","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.27-6","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0005":{"scope":"remote","description":"mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1191":{"scope":"remote","description":"mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.","releases":{"buster":{"fixed_version":"2.2.11-4","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.11-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.11-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.11-4","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3095":{"debianbug":545951,"scope":"remote","description":"The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.","releases":{"buster":{"fixed_version":"2.2.13-2","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.13-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.13-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.13-2","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3357":{"debianbug":351246,"scope":"remote","description":"mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"2.0.55-4","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.55-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.55-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.55-4","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1195":{"debianbug":530834,"scope":"local","description":"The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.","releases":{"buster":{"fixed_version":"2.2.11-6","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.11-6","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.11-6","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.11-6","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5000":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2700":{"debianbug":327210,"scope":"remote","description":"ssl_engine_kernel.c in mod_ssl before 2.8.24, when using \"SSLVerifyClient optional\" in the global virtual host configuration, does not properly enforce \"SSLVerifyClient require\" in a per-location context, which allows remote attackers to bypass intended access restrictions.","releases":{"buster":{"fixed_version":"2.0.54-5","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.54-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.54-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.54-5","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-0031":{"scope":"local","description":"scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.","releases":{"buster":{"fixed_version":"2.2.22-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0840":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.","releases":{"buster":{"fixed_version":"2.0.43-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.43-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.43-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.43-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3094":{"debianbug":545951,"scope":"remote","description":"The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.","releases":{"buster":{"fixed_version":"2.2.13-2","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.13-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.13-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.13-2","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17189":{"debianbug":920302,"scope":"remote","description":"In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.","releases":{"buster":{"fixed_version":"2.4.38-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.38-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3348":{"scope":"remote","description":"The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.","releases":{"buster":{"fixed_version":"2.2.21-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.21-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.21-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.21-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4317":{"scope":"remote","description":"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.","releases":{"buster":{"fixed_version":"2.2.21-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.21-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.21-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.21-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0885":{"scope":"remote","description":"The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.","releases":{"buster":{"fixed_version":"2.0.52-2","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.52-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.52-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.52-2","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0488":{"scope":"remote","description":"Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.","releases":{"buster":{"fixed_version":"2.0.50-1","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.50-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.50-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.50-1","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0098":{"scope":"remote","description":"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3523":{"scope":"remote","description":"Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4929":{"debianbug":689936,"scope":"remote","description":"The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.","releases":{"buster":{"fixed_version":"2.2.22-12","repositories":{"buster":"2.4.38-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.2.22-12","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.2.22-12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.2.22-12","repositories":{"sid":"2.4.38-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1862":{"scope":"remote","description":"mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.","releases":{"buster":{"fixed_version":"2.4.1-1","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.1-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.1-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.1-1","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7668":{"scope":"remote","description":"The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.","releases":{"buster":{"fixed_version":"2.4.25-4","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u9","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.25-4","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0228":{"scope":"remote","description":"The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.","releases":{"buster":{"fixed_version":"2.4.10-10","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.10-10","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.10-10","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1268":{"debianbug":320048,"scope":"remote","description":"Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.","releases":{"buster":{"fixed_version":"2.0.54-5","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.54-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.54-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.54-5","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0434":{"scope":"remote","description":"The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.","releases":{"buster":{"fixed_version":"2.2.15-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.15-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.15-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.15-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2939":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.","releases":{"buster":{"fixed_version":"2.2.9-7","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-7","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-7","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-5704":{"scope":"remote","description":"The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding.  NOTE: the vendor states \"this is not a security issue in httpd as such.\"","releases":{"buster":{"fixed_version":"2.4.10-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.4.10-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.4.10-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.4.10-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4465":{"debianbug":453783,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.","releases":{"buster":{"fixed_version":"2.2.6-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.6-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.6-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.6-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1743":{"scope":"local","description":"suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted.  NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"  In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.","releases":{"buster":{"repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-17199":{"debianbug":920303,"scope":"remote","description":"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","releases":{"buster":{"fixed_version":"2.4.38-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u13","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.38-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3639":{"scope":"remote","description":"The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.","releases":{"buster":{"fixed_version":"2.2.18-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.18-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.18-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.18-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1862":{"scope":"remote","description":"The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1741":{"scope":"local","description":"Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"","releases":{"buster":{"fixed_version":"2.2.8-5","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.2.8-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.2.8-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.2.8-5","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1863":{"scope":"remote","description":"cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.4-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1742":{"scope":"local","description":"suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using \"html_backup\" and \"htmleditor\" under an \"html\" directory.  NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because \"the attacks described rely on an insecure server configuration\" in which the user \"has write access to the document root.\"","releases":{"buster":{"fixed_version":"2.2.8-5","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.2.8-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.2.8-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.2.8-5","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2088":{"debianbug":316173,"scope":"remote","description":"The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"","releases":{"buster":{"fixed_version":"2.0.54-5","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.54-5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.54-5","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.54-5","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2003-1138":{"scope":"remote","description":"The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1176":{"debianbug":618857,"scope":"remote","description":"The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.","releases":{"buster":{"fixed_version":"2.2.17-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.17-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.17-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.17-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0811":{"scope":"remote","description":"Unknown vulnerability in Apache 2.0.51 prevents \"the merging of the Satisfy directive,\" which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.","releases":{"buster":{"fixed_version":"2.0.52","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.52","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.52","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.52","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2364":{"scope":"remote","description":"The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.","releases":{"buster":{"fixed_version":"2.2.9-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2161":{"scope":"remote","description":"In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u8","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3555":{"debianbug":704946,"scope":"remote","description":"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.","releases":{"buster":{"fixed_version":"2.2.14-2","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.14-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.14-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.14-2","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0809":{"scope":"remote","description":"The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.","releases":{"buster":{"fixed_version":"2.0.51-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.51-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.51-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.51-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7679":{"scope":"remote","description":"In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.","releases":{"buster":{"fixed_version":"2.4.25-4","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u9","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.25-4","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0216":{"scope":"local","description":"The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.","releases":{"buster":{"fixed_version":"2.2.22-4","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-4","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1678":{"scope":"remote","description":"Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.","releases":{"buster":{"fixed_version":"2.2.8-4","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.8-4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.8-4","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.8-4","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1890":{"debianbug":536718,"scope":"remote","description":"The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.","releases":{"buster":{"fixed_version":"2.2.11-7","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.11-7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.11-7","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.11-7","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-1891":{"debianbug":534712,"scope":"remote","description":"The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).","releases":{"buster":{"fixed_version":"2.2.11-7","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.11-7","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.11-7","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.11-7","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-3192":{"scope":"remote","description":"The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.","releases":{"buster":{"fixed_version":"2.2.19-2","repositories":{"buster":"2.4.38-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.19-2","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.19-2","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.19-2","repositories":{"sid":"2.4.38-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0425":{"scope":"remote","description":"modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.38-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.38-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-1156":{"scope":"remote","description":"Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.","releases":{"buster":{"fixed_version":"2.0.43","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.43","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.43","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.43","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11763":{"debianbug":909591,"scope":"remote","description":"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","releases":{"buster":{"fixed_version":"2.4.35-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u6","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.35-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1302":{"scope":"remote","description":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u5","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1301":{"scope":"remote","description":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6750":{"debianbug":533661,"scope":"remote","description":"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.","releases":{"buster":{"fixed_version":"2.2.15-3","repositories":{"buster":"2.4.38-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.15-3","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.15-3","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.15-3","repositories":{"sid":"2.4.38-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0493":{"scope":"remote","description":"The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.","releases":{"buster":{"fixed_version":"2.0.50-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.50-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.50-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.50-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0053":{"scope":"remote","description":"protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.","releases":{"buster":{"fixed_version":"2.2.22-1","repositories":{"buster":"2.4.38-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.22-1","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.22-1","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.22-1","repositories":{"sid":"2.4.38-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1303":{"scope":"remote","description":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.","releases":{"buster":{"fixed_version":"2.4.33-1","repositories":{"buster":"2.4.38-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.25-3+deb9u4","repositories":{"stretch-security":"2.4.25-3+deb9u7","stretch":"2.4.25-3+deb9u7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.10-10+deb8u12","repositories":{"jessie":"2.4.10-10+deb8u12","jessie-security":"2.4.10-10+deb8u14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.33-1","repositories":{"sid":"2.4.38-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4099":{"scope":"local","description":"The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.","releases":{"buster":{"fixed_version":"1:2.22-1","repositories":{"buster":"1:2.25-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.22-1","repositories":{"stretch":"1:2.25-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.22-1","repositories":{"jessie":"1:2.24-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.22-1","repositories":{"sid":"1:2.25-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2385":{"debianbug":673871,"scope":"remote","description":"The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.2-2.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.2.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.2.4a-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.2-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4617":{"debianbug":652653,"scope":"local","description":"virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.","releases":{"buster":{"fixed_version":"1.6-1","repositories":{"buster":"15.1.0+ds-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6-1","repositories":{"stretch":"15.1.0+ds-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6-1","repositories":{"jessie":"1.11.6+ds-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6-1","repositories":{"sid":"15.1.0+ds-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17793":{"scope":"remote","description":"** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via \"python $(bash >&2)\" and \"python $(rbash >&2)\" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.","releases":{"buster":{"repositories":{"buster":"15.1.0+ds-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"15.1.0+ds-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.11.6+ds-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"15.1.0+ds-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-1629":{"debianbug":710163,"scope":"remote","description":"pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a \"pip install\" operation.","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"15.1.0+ds-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.9.1-1","repositories":{"stretch":"15.1.0+ds-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9.1-1","repositories":{"jessie":"1.11.6+ds-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"15.1.0+ds-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2003-0828":{"debianbug":242616,"scope":"local","description":"Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain \"games\" group privileges when processing environment variables.","releases":{"buster":{"fixed_version":"0.88-4.1","repositories":{"buster":"1.0.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.88-4.1","repositories":{"stretch":"0.90-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.88-4.1","repositories":{"jessie":"0.90-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.88-4.1","repositories":{"sid":"1.0.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1124":{"scope":"local","description":"Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.","releases":{"buster":{"fixed_version":"1-16","repositories":{"buster":"1-19"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1-16","repositories":{"stretch":"1-19"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1-16","repositories":{"jessie":"1-18"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1-16","repositories":{"sid":"1-19"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10887":{"debianbug":903509,"scope":"remote","description":"A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.","releases":{"buster":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.21.1-3+deb8u1","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8098":{"debianbug":892961,"scope":"remote","description":"Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.","releases":{"buster":{"fixed_version":"0.27.0+dfsg.1-0.6","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.27.0+dfsg.1-0.6","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8099":{"debianbug":892962,"scope":"remote","description":"Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.","releases":{"buster":{"fixed_version":"0.27.0+dfsg.1-0.6","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.27.0+dfsg.1-0.6","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10129":{"debianbug":851406,"scope":"remote","description":"The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.","releases":{"buster":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10128":{"debianbug":851406,"scope":"remote","description":"Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.","releases":{"buster":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10888":{"debianbug":903508,"scope":"remote","description":"A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.","releases":{"buster":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.21.1-3+deb8u1","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15501":{"scope":"remote","description":"In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS.","releases":{"buster":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.21.1-3+deb8u1","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.27.4+dfsg.1-0.1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8568":{"debianbug":840227,"scope":"remote","description":"The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.","releases":{"buster":{"fixed_version":"0.24.5-1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.24.5-1","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.24.5-1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8569":{"debianbug":840227,"scope":"remote","description":"The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.","releases":{"buster":{"fixed_version":"0.24.2-2","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.24.2-2","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.24.2-2","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9390":{"debianbug":773640,"releases":{"buster":{"fixed_version":"0.21.3-1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.21.3-1","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.21.1-3","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.21.3-1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-10130":{"debianbug":851406,"scope":"remote","description":"The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.","releases":{"buster":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"buster":"0.27.7+dfsg.1-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"stretch":"0.25.1+really0.24.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.21.1-3","jessie-security":"0.21.1-3+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.25.1+really0.24.6-1","repositories":{"sid":"0.27.7+dfsg.1-0.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2524":{"debianbug":635837,"scope":"remote","description":"Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.","releases":{"buster":{"fixed_version":"2.34.3-1","repositories":{"buster":"2.64.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.34.3-1","repositories":{"stretch-security":"2.56.0-2+deb9u2","stretch":"2.56.0-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.34.3-1","repositories":{"jessie":"2.48.0-1+deb8u1","jessie-security":"2.48.0-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.34.3-1","repositories":{"sid":"2.64.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12910":{"scope":"remote","description":"The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.","releases":{"buster":{"fixed_version":"2.62.2-2","repositories":{"buster":"2.64.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.56.0-2+deb9u2","repositories":{"stretch-security":"2.56.0-2+deb9u2","stretch":"2.56.0-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.48.0-1+deb8u2","repositories":{"jessie":"2.48.0-1+deb8u1","jessie-security":"2.48.0-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.62.2-2","repositories":{"sid":"2.64.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-2885":{"debianbug":871650,"scope":"remote","description":"An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.56.1-1","repositories":{"buster":"2.64.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.56.0-2+deb9u1","repositories":{"stretch-security":"2.56.0-2+deb9u2","stretch":"2.56.0-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.48.0-1+deb8u1","repositories":{"jessie":"2.48.0-1+deb8u1","jessie-security":"2.48.0-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.56.1-1","repositories":{"sid":"2.64.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9130":{"debianbug":771365,"scope":"remote","description":"scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.","releases":{"buster":{"fixed_version":"0.1.6-3","repositories":{"buster":"0.2.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.1.6-3","repositories":{"stretch":"0.1.7-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.1.6-3","repositories":{"jessie":"0.1.6-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.1.6-3","repositories":{"sid":"0.2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2525":{"debianbug":742732,"scope":"remote","description":"Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.","releases":{"buster":{"fixed_version":"0.1.4-3.2","repositories":{"buster":"0.2.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.1.4-3.2","repositories":{"stretch":"0.1.7-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.1.4-3.2","repositories":{"jessie":"0.1.6-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.1.4-3.2","repositories":{"sid":"0.2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6393":{"debianbug":737076,"scope":"remote","description":"The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.1.4-3","repositories":{"buster":"0.2.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.1.4-3","repositories":{"stretch":"0.1.7-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.1.4-3","repositories":{"jessie":"0.1.6-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.1.4-3","repositories":{"sid":"0.2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5331":{"releases":{"buster":{"fixed_version":"0.31.1-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.31.1-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u2","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.31.1-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5332":{"releases":{"buster":{"fixed_version":"0.31.1-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.31.1-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u2","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.31.1-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-6011":{"debianbug":854054,"scope":"remote","description":"An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the \"simple_vec\" function in the \"extract.c\" source file. This affects icotool.","releases":{"buster":{"fixed_version":"0.31.2-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.31.2-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u3","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.2-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5333":{"releases":{"buster":{"fixed_version":"0.31.1-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.31.1-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u2","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.31.1-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5208":{"debianbug":850017,"scope":"remote","description":"Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.","releases":{"buster":{"fixed_version":"0.31.0-4","repositories":{"buster":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.31.0-4","repositories":{"stretch":"0.31.2-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u1","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.0-4","repositories":{"sid":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6009":{"debianbug":854050,"scope":"remote","description":"An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.","releases":{"buster":{"fixed_version":"0.31.2-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.31.2-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u3","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.2-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6010":{"debianbug":854054,"scope":"remote","description":"An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"extract_icons\" function in the \"extract.c\" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.","releases":{"buster":{"fixed_version":"0.31.2-1","repositories":{"buster":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.31.2-1","repositories":{"stretch":"0.31.2-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.31.0-2+deb8u3","repositories":{"jessie":"0.31.0-2+deb8u3","jessie-security":"0.31.0-2+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.2-1","repositories":{"sid":"0.32.3-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4039":{"scope":"local","description":"ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.","releases":{"buster":{"fixed_version":"2.7.1-5","repositories":{"buster":"2.7.4-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.1-5","repositories":{"stretch":"2.7.1-6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.1-5","repositories":{"sid":"2.7.4-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4038":{"scope":"local","description":"ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.","releases":{"buster":{"fixed_version":"2.7.1-5","repositories":{"buster":"2.7.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.1-5","repositories":{"stretch":"2.7.1-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.1-5","repositories":{"sid":"2.7.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4406":{"scope":"remote","description":"ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4405":{"scope":"remote","description":"ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4404":{"scope":"remote","description":"ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a \"J 0:#channel\" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote \"names -D\" command.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4409":{"scope":"remote","description":"Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4408":{"debianbug":439314,"scope":"remote","description":"ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.","releases":{"buster":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1501":{"scope":"remote","description":"The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4407":{"scope":"remote","description":"ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a \"netriding\" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4411":{"debianbug":439314,"scope":"remote","description":"ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.","releases":{"buster":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4410":{"debianbug":439314,"scope":"remote","description":"ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.","releases":{"buster":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"buster":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"stretch":"2.10.12.10.dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"jessie":"2.10.12.10.dfsg1-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.12.10.dfsg1-1","repositories":{"sid":"2.10.12.10.dfsg1-3"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-583651":{"releases":{"buster":{"fixed_version":"2:3.23-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.23-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:3.23-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1569":{"debianbug":773625,"scope":"remote","description":"The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.","releases":{"buster":{"fixed_version":"2:3.17.2-1.1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.17.2-1.1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.17.2-1.1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.17.2-1.1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1568":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue.","releases":{"buster":{"fixed_version":"2:3.17.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.17.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.17.1-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.17.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7805":{"scope":"remote","description":"During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"buster":{"fixed_version":"2:3.33-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.26.2-1.1+deb9u1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u3","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.33-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3640":{"debianbug":647614,"scope":"remote","description":"** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory.  NOTE: the vendor's response was \"Strange behavior, but we're not treating this as a security bug.\"","releases":{"buster":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5461":{"debianbug":862958,"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.","releases":{"buster":{"fixed_version":"2:3.26.2-1.1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.26.2-1.1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u2","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.26.2-1.1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2834":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.","releases":{"buster":{"fixed_version":"2:3.23-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.23-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.23-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5462":{"debianbug":862958,"scope":"remote","description":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"buster":{"fixed_version":"2:3.26.2-1.1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.26.2-1.1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u2","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.26.2-1.1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0791":{"scope":"remote","description":"The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.","releases":{"buster":{"fixed_version":"2:3.14.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2:3.14.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2:3.14.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:3.14.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4000":{"scope":"remote","description":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.","releases":{"buster":{"fixed_version":"2:3.19.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.19.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.19.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12384":{"debianbug":908332,"scope":"remote","description":"When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.","releases":{"buster":{"fixed_version":"2:3.39-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed along in future DSA","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"nodsa":"Minor issue, can be fixed along in future DSA","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"2:3.39-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-5605":{"scope":"remote","description":"Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.","releases":{"buster":{"fixed_version":"2:3.15.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.15.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5606":{"debianbug":735105,"scope":"remote","description":"The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.","releases":{"buster":{"fixed_version":"2:3.15.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.15.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2408":{"debianbug":539934,"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.","releases":{"buster":{"fixed_version":"3.12.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.12.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.12.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.12.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-2409":{"debianbug":539895,"scope":"remote","description":"The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.","releases":{"buster":{"fixed_version":"3.12.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.12.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.12.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.12.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-2404":{"debianbug":539934,"scope":"remote","description":"Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.","releases":{"buster":{"fixed_version":"3.12.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.12.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.12.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.12.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9574":{"scope":"remote","description":"nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.","releases":{"buster":{"fixed_version":"2:3.25-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.25-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.25-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.25-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7181":{"scope":"remote","description":"The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue.","releases":{"buster":{"fixed_version":"2:3.20.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.20.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.20.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0169":{"debianbug":699885,"scope":"remote","description":"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.","releases":{"buster":{"fixed_version":"2:3.14.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:3.14.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:3.14.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:3.14.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0800":{"scope":"remote","description":"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.","releases":{"buster":{"fixed_version":"3.13","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.13","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7182":{"scope":"remote","description":"Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.","releases":{"buster":{"fixed_version":"2:3.20.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.20.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.20.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1979":{"scope":"remote","description":"Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.","releases":{"buster":{"fixed_version":"2:3.21-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.21-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.21-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1739":{"debianbug":726473,"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.","releases":{"buster":{"fixed_version":"2:3.15.2-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.2-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.2-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.15.2-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1978":{"scope":"remote","description":"Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.","releases":{"buster":{"fixed_version":"2:3.21-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.21-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.21-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2730":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.","releases":{"buster":{"fixed_version":"2:3.19.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.19.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.17.2-1.1+deb8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.19.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1938":{"scope":"remote","description":"The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.","releases":{"buster":{"fixed_version":"2:3.21-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.21-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.21-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"buster":{"fixed_version":"2:3.17.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.17.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.17.1-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.17.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8635":{"scope":"remote","description":"It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.","releases":{"buster":{"fixed_version":"2:3.25-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.25-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.25-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.25-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3389":{"debianbug":645881,"scope":"remote","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","releases":{"buster":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13.1.with.ckbi.1.88-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5285":{"releases":{"buster":{"fixed_version":"2:3.25-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2:3.25-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2:3.25-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:3.25-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-1544":{"scope":"remote","description":"Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.","releases":{"buster":{"fixed_version":"2:3.16.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.16.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.16.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.16.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1741":{"debianbug":735105,"scope":"remote","description":"Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.","releases":{"buster":{"fixed_version":"2:3.15.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:3.15.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1620":{"debianbug":699888,"scope":"remote","description":"The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.","releases":{"buster":{"fixed_version":"2:3.14.3-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:3.14.3-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.14.3-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:3.14.3-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1740":{"scope":"remote","description":"The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.","releases":{"buster":{"fixed_version":"2:3.15.4-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.4-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.4-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.15.4-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7502":{"debianbug":863839,"scope":"remote","description":"Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.","releases":{"buster":{"fixed_version":"2:3.26.2-1.1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.26.2-1.1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u2","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.26.2-1.1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18508":{"debianbug":921614,"releases":{"buster":{"fixed_version":"2:3.42.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"not yet assigned","status":"open"},"jessie":{"fixed_version":"2:3.26-1+debu8u4","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:3.42.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-12404":{"scope":"remote","description":"A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.","releases":{"buster":{"fixed_version":"2:3.41-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"2:3.26-1+debu8u4","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.41-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2721":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue.","releases":{"buster":{"fixed_version":"2:3.19.1-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.19.1-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.17.2-1.1+deb8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.19.1-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0441":{"scope":"remote","description":"The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.","releases":{"buster":{"fixed_version":"3.13.4-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13.4-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.13.4-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13.4-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7575":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.","releases":{"buster":{"fixed_version":"2:3.21-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.21-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.21-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9074":{"scope":"remote","description":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"buster":{"fixed_version":"2:3.26.2-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.26.2-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be fixed in point release or future DSA","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:3.26.2-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3173":{"scope":"remote","description":"The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.","releases":{"buster":{"fixed_version":"3.12.8-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.12.8-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.12.8-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.12.8-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3170":{"scope":"remote","description":"Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.","releases":{"buster":{"fixed_version":"3.12.8-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.12.8-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.12.8-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.12.8-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11696":{"debianbug":873257,"scope":"local","description":"Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.","releases":{"buster":{"repositories":{"buster":"2:3.42.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:3.42.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-11695":{"debianbug":873256,"scope":"local","description":"Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.","releases":{"buster":{"repositories":{"buster":"2:3.42.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:3.42.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3555":{"debianbug":704946,"scope":"remote","description":"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.","releases":{"buster":{"fixed_version":"3.12.6-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.12.6-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.12.6-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.12.6-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1950":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.","releases":{"buster":{"fixed_version":"2:3.23-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.23-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.26-1+debu8u1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.23-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11698":{"debianbug":873259,"scope":"local","description":"Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.","releases":{"buster":{"repositories":{"buster":"2:3.42.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:3.42.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-1490":{"scope":"remote","description":"Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.","releases":{"buster":{"fixed_version":"2:3.15.4-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.4-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.4-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.15.4-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11697":{"debianbug":873258,"scope":"local","description":"The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.","releases":{"buster":{"repositories":{"buster":"2:3.42.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:3.42.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-1492":{"scope":"remote","description":"The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.","releases":{"buster":{"fixed_version":"2:3.16-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.16-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.16-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.16-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1491":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.","releases":{"buster":{"fixed_version":"2:3.15.4-1","repositories":{"buster":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:3.15.4-1","repositories":{"stretch-security":"2:3.26.2-1.1+deb9u1","stretch":"2:3.26.2-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:3.15.4-1","repositories":{"jessie":"2:3.26-1+debu8u3","jessie-security":"2:3.26-1+debu8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:3.15.4-1","repositories":{"sid":"2:3.42.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19760":{"scope":"remote","description":"cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.","releases":{"buster":{"repositories":{"buster":"3.2.2+dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0+dfsg-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.7-5","jessie-security":"2.7-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.2+dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-14447":{"debianbug":904159,"scope":"remote","description":"trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.","releases":{"buster":{"fixed_version":"3.2.1+dfsg-5","repositories":{"buster":"3.2.2+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0+dfsg-2+deb9u1","repositories":{"stretch":"3.0+dfsg-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7-5+deb8u1","repositories":{"jessie":"2.7-5","jessie-security":"2.7-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.1+dfsg-5","repositories":{"sid":"3.2.2+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"3.6.2-1","repositories":{"buster":"5.4.1+dfsg4-3.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.6.2-1","repositories":{"stretch":"5.1.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.6.2-1","repositories":{"jessie":"4.1.0+dfsg+1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.2-1","repositories":{"sid":"5.4.1+dfsg4-3.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"3.6.2-1","repositories":{"buster":"5.4.1+dfsg4-3.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.6.2-1","repositories":{"stretch":"5.1.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.6.2-1","repositories":{"jessie":"4.1.0+dfsg+1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.2-1","repositories":{"sid":"5.4.1+dfsg4-3.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-5214":{"scope":"local","description":"Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.","releases":{"buster":{"fixed_version":"1:7.1.0-13","repositories":{"buster":"1:7.7+19"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.1.0-13","repositories":{"stretch":"1:7.7+19"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:7.1.0-13","repositories":{"jessie":"1:7.7+7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:7.1.0-13","repositories":{"sid":"1:7.7+19"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4613":{"debianbug":652249,"scope":"local","description":"The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.","releases":{"buster":{"fixed_version":"1:7.6+10","repositories":{"buster":"1:7.7+19"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.6+10","repositories":{"stretch":"1:7.7+19"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:7.6+10","repositories":{"jessie":"1:7.7+7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:7.6+10","repositories":{"sid":"1:7.7+19"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1093":{"debianbug":661627,"releases":{"buster":{"fixed_version":"1:7.6+12","repositories":{"buster":"1:7.7+19"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:7.6+12","repositories":{"stretch":"1:7.7+19"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:7.6+12","repositories":{"jessie":"1:7.7+7"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:7.6+12","repositories":{"sid":"1:7.7+19"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-269968":{"releases":{"buster":{"fixed_version":"1:7.6+10","repositories":{"buster":"1:7.7+19"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.6+10","repositories":{"stretch":"1:7.7+19"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:7.6+10","repositories":{"jessie":"1:7.7+7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:7.6+10","repositories":{"sid":"1:7.7+19"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-1321":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.","releases":{"buster":{"fixed_version":"1.9.6","repositories":{"buster":"1.10.4-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.6","repositories":{"stretch":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.6","repositories":{"jessie":"1.10.4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.6","repositories":{"sid":"1.10.4-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20200":{"scope":"remote","description":"** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967.","releases":{"buster":{"repositories":{"buster":"3.13.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.13.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3956":{"debianbug":750562,"scope":"local","description":"The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.","releases":{"buster":{"fixed_version":"8.14.4-6","repositories":{"buster":"8.15.2-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.14.4-6","repositories":{"stretch":"8.15.2-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.14.4-6","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.14.4-6","repositories":{"sid":"8.15.2-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0308":{"scope":"local","description":"The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.","releases":{"buster":{"fixed_version":"8.12.9-2","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.9-2","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.9-2","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.9-2","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-7175":{"scope":"remote","description":"The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.15.2-12"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.15.2-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.15.2-12"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-2261":{"scope":"remote","description":"Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.","releases":{"buster":{"fixed_version":"8.12.7","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.7","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.7","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.7","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-7176":{"scope":"remote","description":"The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the \"localhost.localdomain\" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.15.2-12"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.15.2-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.15.2-12"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-0906":{"scope":"remote","description":"Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.","releases":{"buster":{"fixed_version":"8.12.5","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.5","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.5","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.5","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0688":{"scope":"remote","description":"The DNS map code in Sendmail 8.12.8 and earlier, when using the \"enhdnsbl\" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.","releases":{"buster":{"fixed_version":"8.12.9","repositories":{"buster":"8.15.2-12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.12.9","repositories":{"stretch":"8.15.2-8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.12.9","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.12.9","repositories":{"sid":"8.15.2-12"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0833":{"scope":"remote","description":"Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.","releases":{"buster":{"fixed_version":"8.13.1-13","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.13.1-13","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.13.1-13","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.13.1-13","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0694":{"scope":"remote","description":"The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.","releases":{"buster":{"fixed_version":"8.12.10-1","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.10-1","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.10-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.10-1","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0058":{"debianbug":358440,"scope":"remote","description":"Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.","releases":{"buster":{"fixed_version":"8.13.6-1","repositories":{"buster":"8.15.2-12"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"8.13.6-1","repositories":{"stretch":"8.15.2-8"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"8.13.6-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"8.13.6-1","repositories":{"sid":"8.15.2-12"},"urgency":"high","status":"resolved"}}}}
{"CVE-2003-0681":{"scope":"remote","description":"A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.","releases":{"buster":{"fixed_version":"8.12.10-1","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.10-1","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.10-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.10-1","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4434":{"debianbug":385054,"scope":"remote","description":"Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long \"header line\", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying \"The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected.\"","releases":{"buster":{"fixed_version":"8.13.8-1","repositories":{"buster":"8.15.2-12"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.13.8-1","repositories":{"stretch":"8.15.2-8"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.13.8-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.13.8-1","repositories":{"sid":"8.15.2-12"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0841257-B7CD60":{"debianbug":841257,"releases":{"buster":{"fixed_version":"8.15.2-7","repositories":{"buster":"8.15.2-12"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"8.15.2-7","repositories":{"stretch":"8.15.2-8"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"8.14.4-8+deb8u2","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"8.15.2-7","repositories":{"sid":"8.15.2-12"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2002-1337":{"scope":"remote","description":"Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.","releases":{"buster":{"fixed_version":"8.13.0.PreAlpha4-0","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.13.0.PreAlpha4-0","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.13.0.PreAlpha4-0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.13.0.PreAlpha4-0","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0161":{"scope":"remote","description":"The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.","releases":{"buster":{"fixed_version":"8.12.9-1","repositories":{"buster":"8.15.2-12"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.12.9-1","repositories":{"stretch":"8.15.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.12.9-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.12.9-1","repositories":{"sid":"8.15.2-12"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1827":{"scope":"local","description":"Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.","releases":{"buster":{"fixed_version":"8.12-4","repositories":{"buster":"8.15.2-12"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"8.12-4","repositories":{"stretch":"8.15.2-8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"8.12-4","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"8.12-4","repositories":{"sid":"8.15.2-12"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-4565":{"debianbug":564581,"scope":"remote","description":"sendmail before 8.14.4 does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"8.14.3-9.1","repositories":{"buster":"8.15.2-12"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.14.3-9.1","repositories":{"stretch":"8.15.2-8"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.14.3-9.1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.14.3-9.1","repositories":{"sid":"8.15.2-12"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1173":{"debianbug":373801,"scope":"remote","description":"Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.","releases":{"buster":{"fixed_version":"8.13.7-1","repositories":{"buster":"8.15.2-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.13.7-1","repositories":{"stretch":"8.15.2-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.13.7-1","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.13.7-1","repositories":{"sid":"8.15.2-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1165":{"scope":"local","description":"Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) \"||\" sequences or (2) \"/\" characters, which are not properly filtered or verified.","releases":{"buster":{"fixed_version":"8.12.3-5","repositories":{"buster":"8.15.2-12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.12.3-5","repositories":{"stretch":"8.15.2-8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.12.3-5","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.12.3-5","repositories":{"sid":"8.15.2-12"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-1999-1580":{"scope":"local","description":"SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.15.2-12"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.15.2-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.15.2-12"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-1999-1592":{"scope":"remote","description":"Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact.  NOTE: this might overlap CVE-1999-0129.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.15.2-12"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.15.2-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.15.2-12"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1490":{"scope":"remote","description":"Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.","releases":{"buster":{"fixed_version":"8.13.2-0","repositories":{"buster":"8.15.2-12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.13.2-0","repositories":{"stretch":"8.15.2-8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.13.2-0","repositories":{"jessie":"8.14.4-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.13.2-0","repositories":{"sid":"8.15.2-12"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0612034-33CBAD":{"debianbug":612034,"releases":{"buster":{"fixed_version":"0.6.3-4","repositories":{"buster":"0.8.11-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.3-4","repositories":{"stretch":"0.8.7-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.3-4","repositories":{"jessie":"0.6.11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.3-4","repositories":{"sid":"0.8.11-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1933":{"debianbug":622919,"releases":{"buster":{"fixed_version":"0.68-1","repositories":{"buster":"0.78-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.68-1","repositories":{"stretch":"0.78-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.68-1","repositories":{"jessie":"0.77-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.68-1","repositories":{"sid":"0.78-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7753":{"debianbug":892252,"scope":"remote","description":"An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.","releases":{"buster":{"fixed_version":"2.1.3-1","repositories":{"buster":"3.1.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.3-1","repositories":{"sid":"3.1.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8557":{"debianbug":802828,"scope":"remote","description":"The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.","releases":{"buster":{"fixed_version":"2.0.1+dfsg-2","repositories":{"buster":"2.3.1+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.1+dfsg-2","repositories":{"stretch":"2.2.0+dfsg-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.1+dfsg-1.1+deb8u1","repositories":{"jessie":"2.0.1+dfsg-1.1+deb8u1","jessie-security":"2.0.1+dfsg-1.1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.1+dfsg-2","repositories":{"sid":"2.3.1+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-3804":{"scope":"remote","description":"It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.","releases":{"buster":{"fixed_version":"184-1","repositories":{"buster":"188-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"184-1","repositories":{"sid":"188-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5725":{"scope":"remote","description":"Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command.","releases":{"buster":{"fixed_version":"0.1.54-1","repositories":{"buster":"0.1.55-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.54-1","repositories":{"stretch":"0.1.54-1"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.1.51-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.1.54-1","repositories":{"sid":"0.1.55-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-4523":{"scope":"remote","description":"radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.","releases":{"buster":{"fixed_version":"1.6.2-1","repositories":{"buster":"1.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.2-1","repositories":{"stretch":"1.6.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"1.6.5-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.2-1","repositories":{"sid":"1.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4566":{"scope":"remote","description":"The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.","releases":{"buster":{"fixed_version":"1.6.2-1","repositories":{"buster":"1.7.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.2-1","repositories":{"stretch":"1.6.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"1.6.5-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.2-1","repositories":{"sid":"1.7.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0706":{"debianbug":304799,"scope":"remote","description":"Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.","releases":{"buster":{"fixed_version":"3.2.0-4","repositories":{"buster":"4.2.0-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.2.0-4","repositories":{"stretch":"4.2.0-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.2.0-4","repositories":{"sid":"4.2.0-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17718":{"debianbug":884693,"scope":"remote","description":"The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.","releases":{"buster":{"fixed_version":"0.16.1-1","repositories":{"buster":"0.16.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.12.1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.16.1-1","repositories":{"sid":"0.16.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0083":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.16.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.12.1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.16.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6085":{"scope":"remote","description":"Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.","releases":{"buster":{"fixed_version":"1:1.9.3-1","repositories":{"buster":"4:2.9.92-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.9.3-1","repositories":{"stretch":"4:2.1.3-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.9.3-1","repositories":{"jessie":"4:2.1.3-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.9.3-1","repositories":{"sid":"4:2.9.92-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1932":{"debianbug":617960,"scope":"remote","description":"Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.","releases":{"buster":{"fixed_version":"1:15-3","repositories":{"buster":"1:19+repack-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:15-3","repositories":{"stretch":"1:19+repack-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:15-3","repositories":{"jessie":"1:18-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:15-3","repositories":{"sid":"1:19+repack-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4675":{"scope":"remote","description":"The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.","releases":{"buster":{"fixed_version":"1:15-3","repositories":{"buster":"1:19+repack-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:15-3","repositories":{"stretch":"1:19+repack-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:15-3","repositories":{"jessie":"1:18-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:15-3","repositories":{"sid":"1:19+repack-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3770":{"debianbug":437454,"scope":"remote","description":"The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the \"Open Link\" functionality.","releases":{"buster":{"fixed_version":"0.2.6-3","repositories":{"buster":"0.8.7.4-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.6-3","repositories":{"stretch":"0.8.3-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.2.6-3","repositories":{"jessie":"0.6.3-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.2.6-3","repositories":{"sid":"0.8.7.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2561":{"debianbug":704063,"scope":"local","description":"OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.","releases":{"buster":{"fixed_version":"1.5.7-2","repositories":{"buster":"1.5.7+0.2.gbd7e502-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.7-2","repositories":{"stretch":"1.5.7-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.7-2","repositories":{"jessie":"1.5.7-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.7-2","repositories":{"sid":"1.5.7+0.2.gbd7e502-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3277":{"scope":"local","description":"Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.5.7+0.2.gbd7e502-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.7-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.7-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.7+0.2.gbd7e502-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0366":{"scope":"remote","description":"SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.","releases":{"stretch":{"fixed_version":"0.5.2-7.1","repositories":{"stretch":"0.7.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.2-7.1","repositories":{"jessie":"0.7.3.2-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.2-7.1","repositories":{"sid":"0.7.3.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2516":{"debianbug":481970,"scope":"local","description":"pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pam_get_pass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at a sudo password prompt in an \"auth sufficient pam_pgsql.so\" configuration.","releases":{"stretch":{"fixed_version":"0.6.3-2","repositories":{"stretch":"0.7.3.2-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.6.3-2","repositories":{"jessie":"0.7.3.2-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.6.3-2","repositories":{"sid":"0.7.3.2-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2003-0672":{"scope":"remote","description":"Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message.","releases":{"stretch":{"fixed_version":"0.5.2-7","repositories":{"stretch":"0.7.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.2-7","repositories":{"jessie":"0.7.3.2-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.2-7","repositories":{"sid":"0.7.3.2-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0603436-5CA466":{"debianbug":603436,"releases":{"stretch":{"fixed_version":"0.7.1-5","repositories":{"stretch":"0.7.3.2-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.7.1-5","repositories":{"jessie":"0.7.3.2-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.7.1-5","repositories":{"sid":"0.7.3.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-0191":{"debianbug":698241,"scope":"remote","description":"libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.","releases":{"stretch":{"fixed_version":"0.7.3.1-4","repositories":{"stretch":"0.7.3.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.3.1-4","repositories":{"jessie":"0.7.3.2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.3.1-4","repositories":{"sid":"0.7.3.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"repositories":{"buster":"0.13+ds1-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.13+ds1-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.13+ds1-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.13+ds1-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"repositories":{"buster":"0.13+ds1-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.13+ds1-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.13+ds1-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.13+ds1-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-5219":{"scope":"remote","description":"The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.","releases":{"buster":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2496":{"scope":"local","description":"The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.","releases":{"buster":{"fixed_version":"1:4.2.0a+stable-2sarge1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:4.2.0a+stable-2sarge1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:4.2.0a+stable-2sarge1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:4.2.0a+stable-2sarge1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-7170":{"scope":"remote","description":"ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.","releases":{"buster":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2516":{"scope":"remote","description":"NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1548":{"scope":"remote","description":"An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1547":{"scope":"remote","description":"An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3563":{"debianbug":560074,"scope":"remote","description":"ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.","releases":{"buster":{"fixed_version":"1:4.2.4p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:4.2.4p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:4.2.4p8+dfsg-1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:4.2.4p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-7871":{"scope":"remote","description":"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1549":{"scope":"remote","description":"A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2517":{"scope":"remote","description":"NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.  NOTE: this vulnerability exists because of a CVE-2016-2516 regression.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2518":{"scope":"remote","description":"The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2519":{"scope":"remote","description":"ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7701":{"scope":"remote","description":"Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7703":{"scope":"remote","description":"The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7702":{"scope":"remote","description":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7705":{"scope":"remote","description":"The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Default config not affected","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7704":{"scope":"remote","description":"The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-3","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5211":{"debianbug":733940,"scope":"remote","description":"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.","releases":{"buster":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7433":{"scope":"remote","description":"NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7434":{"scope":"remote","description":"The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7431":{"scope":"remote","description":"NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.  NOTE: this vulnerability exists because of a CVE-2015-8138 regression.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0021":{"scope":"remote","description":"NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.","releases":{"buster":{"fixed_version":"1:4.2.4p4+dfsg-8","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.4p4+dfsg-8","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.4p4+dfsg-8","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.4p4+dfsg-8","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7182":{"scope":"remote","description":"The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.","releases":{"buster":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Can be fixed along in a future update","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"jessie":{"nodsa":"Can be fixed along in a future update","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7183":{"scope":"remote","description":"Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.","releases":{"buster":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7184":{"scope":"remote","description":"ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.","releases":{"buster":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7185":{"scope":"remote","description":"The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.","releases":{"buster":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p11+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9751":{"scope":"remote","description":"The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-4","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-4","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-4","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-4","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9750":{"scope":"remote","description":"ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-5","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-5","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-5","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-5","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0727":{"debianbug":839998,"scope":"local","description":"The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8158":{"scope":"remote","description":"The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7855":{"scope":"remote","description":"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7976":{"scope":"remote","description":"The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue, mitigation exists","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7975":{"scope":"local","description":"The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-7854":{"scope":"remote","description":"Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7978":{"scope":"remote","description":"NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9042":{"scope":"remote","description":"An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7977":{"scope":"remote","description":"ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7979":{"scope":"remote","description":"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6459":{"scope":"local","description":"The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0159":{"debianbug":525373,"scope":"remote","description":"Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.","releases":{"buster":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4956":{"scope":"remote","description":"ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.","releases":{"buster":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4955":{"scope":"remote","description":"ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.","releases":{"buster":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-6451":{"scope":"local","description":"The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4957":{"scope":"remote","description":"ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.","releases":{"buster":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6452":{"scope":"local","description":"Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7428":{"scope":"remote","description":"ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8140":{"scope":"remote","description":"The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, no code fix by upstream and mitigation exists","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8936":{"debianbug":924228,"scope":"local","description":"NTP through 4.2.8p12 has a NULL Pointer Dereference.","releases":{"buster":{"fixed_version":"1:4.2.8p12+dfsg-4","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p12+dfsg-4","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7429":{"scope":"remote","description":"NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6458":{"scope":"remote","description":"Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7691":{"scope":"remote","description":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4954":{"scope":"remote","description":"The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.","releases":{"buster":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6455":{"scope":"local","description":"NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7426":{"scope":"remote","description":"NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12327":{"scope":"remote","description":"Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.","releases":{"buster":{"repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-4953":{"scope":"remote","description":"ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.","releases":{"buster":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p8+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5194":{"scope":"remote","description":"The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.","releases":{"buster":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7427":{"scope":"remote","description":"The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-5195":{"scope":"remote","description":"ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.","releases":{"buster":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1799":{"debianbug":782095,"scope":"remote","description":"The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7692":{"scope":"remote","description":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1798":{"debianbug":782095,"scope":"remote","description":"The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-6","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-7851":{"releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Vulnerability only affects VMS","fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"not yet assigned","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-7850":{"scope":"remote","description":"ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7853":{"scope":"remote","description":"The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7974":{"scope":"remote","description":"NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7852":{"scope":"remote","description":"ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7973":{"scope":"remote","description":"NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be fixed along in a future update","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7848":{"scope":"remote","description":"An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7849":{"scope":"remote","description":"Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0657":{"scope":"remote","description":"Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.","releases":{"buster":{"fixed_version":"4.0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1551":{"scope":"remote","description":"ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1550":{"scope":"remote","description":"An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9312":{"scope":"remote","description":"ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9311":{"scope":"remote","description":"ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9310":{"scope":"remote","description":"The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.","releases":{"buster":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p9+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6464":{"scope":"remote","description":"NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6462":{"scope":"local","description":"Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1252":{"debianbug":525373,"scope":"remote","description":"Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.","releases":{"buster":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:4.2.4p6+dfsg-2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-6463":{"scope":"remote","description":"NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9294":{"debianbug":773576,"scope":"remote","description":"util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3405":{"scope":"remote","description":"ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-7","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-7","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-7","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9293":{"debianbug":773576,"scope":"remote","description":"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9296":{"debianbug":773576,"scope":"remote","description":"The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9295":{"debianbug":773576,"scope":"remote","description":"Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.","releases":{"buster":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.2.6.p5+dfsg-3.2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-6460":{"scope":"remote","description":"Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.","releases":{"buster":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p10+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5146":{"scope":"remote","description":"ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.","releases":{"buster":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"low**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p3+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8139":{"scope":"remote","description":"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, no code fix by upstream and mitigation exists","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5300":{"scope":"remote","description":"The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).","releases":{"buster":{"fixed_version":"1:4.2.8p4+dfsg-2","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p4+dfsg-2","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u1","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p4+dfsg-2","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8138":{"scope":"remote","description":"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.","releases":{"buster":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"buster":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"stretch":"1:4.2.8p10+dfsg-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.2.6.p5+dfsg-7+deb8u2","repositories":{"jessie":"1:4.2.6.p5+dfsg-7+deb8u2","jessie-security":"1:4.2.6.p5+dfsg-7+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.2.8p7+dfsg-1","repositories":{"sid":"1:4.2.8p12+dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6532":{"scope":"remote","description":"Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the \"cliend id, program name and working directory in session management.\"","releases":{"stretch":{"fixed_version":"4.4.2","repositories":{"stretch":"4.10.0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.2","repositories":{"jessie":"4.10.0-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0358157-34A070":{"debianbug":358157,"releases":{"buster":{"fixed_version":"2.1.3-17","repositories":{"buster":"2.1.5-4.2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.3-17","repositories":{"stretch":"2.1.5-4.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1.3-17","repositories":{"jessie":"2.1.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1.3-17","repositories":{"sid":"2.1.5-4.2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0378571-06BD02":{"debianbug":378571,"releases":{"buster":{"fixed_version":"0.58-3.1","repositories":{"buster":"0.69.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.58-3.1","repositories":{"stretch":"0.66.4-9"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.58-3.1","repositories":{"jessie":"0.66.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.58-3.1","repositories":{"sid":"0.69.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2380":{"scope":"remote","description":"SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.","releases":{"buster":{"fixed_version":"0.61.0-1+lenny1","repositories":{"buster":"0.69.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.61.0-1+lenny1","repositories":{"stretch":"0.66.4-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.61.0-1+lenny1","repositories":{"jessie":"0.66.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.61.0-1+lenny1","repositories":{"sid":"0.69.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2667":{"debianbug":485424,"scope":"remote","description":"SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.","releases":{"buster":{"fixed_version":"0.60.1-2.1","repositories":{"buster":"0.69.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.60.1-2.1","repositories":{"stretch":"0.66.4-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.60.1-2.1","repositories":{"jessie":"0.66.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.60.1-2.1","repositories":{"sid":"0.69.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3863":{"scope":"remote","description":"Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.3.2-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.3.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.3-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.3.2-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4437":{"debianbug":826653,"scope":"remote","description":"Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.","releases":{"buster":{"fixed_version":"1.2.5-1","repositories":{"buster":"1.3.2-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-1","repositories":{"stretch":"1.3.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.2.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.2.5-1","repositories":{"sid":"1.3.2-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6802":{"scope":"remote","description":"Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.3.2-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.3.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.2.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.3.2-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0074":{"scope":"remote","description":"Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1.3.2-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch":"1.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.2.3-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1.3.2-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6490":{"scope":"remote","description":"The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3374":{"debianbug":680661,"scope":"remote","description":"Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.","releases":{"buster":{"fixed_version":"2.10.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.10.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.10.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.10.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4939":{"debianbug":664028,"scope":"remote","description":"The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.","releases":{"buster":{"fixed_version":"2.10.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0271":{"scope":"remote","description":"The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.","releases":{"buster":{"fixed_version":"2.10.6-3","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.6-3","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.6-3","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.6-3","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0272":{"scope":"remote","description":"Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.","releases":{"buster":{"fixed_version":"2.10.6-3","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.6-3","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.6-3","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.6-3","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0013":{"debianbug":563206,"scope":"remote","description":"Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122.  NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.","releases":{"buster":{"fixed_version":"2.6.5-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.5-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.5-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.5-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2957":{"debianbug":488632,"scope":"remote","description":"The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.","releases":{"buster":{"fixed_version":"2.4.3-4","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.3-4","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.3-4","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.3-4","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-1000030":{"scope":"remote","description":"Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2956":{"debianbug":488632,"scope":"remote","description":"** DISPUTED **  Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents.   NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details.\"","releases":{"buster":{"repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-2955":{"debianbug":488632,"scope":"remote","description":"Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.","releases":{"buster":{"fixed_version":"2.4.3-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.3-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.3-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.3-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-0273":{"scope":"remote","description":"sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.","releases":{"buster":{"fixed_version":"2.10.6-3","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.6-3","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.6-3","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.6-3","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0274":{"scope":"remote","description":"upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.","releases":{"buster":{"fixed_version":"2.10.6-3","repositories":{"buster":"2.13.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.10.6-3","repositories":{"stretch":"2.12.0-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.10.6-3","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.10.6-3","repositories":{"sid":"2.13.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-3084":{"scope":"remote","description":"The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect \"UTF16-LE\" charset name.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3085":{"scope":"remote","description":"The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1624":{"scope":"remote","description":"The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.","releases":{"buster":{"fixed_version":"2.7.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.0-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3083":{"scope":"remote","description":"The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4999":{"scope":"remote","description":"libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.","releases":{"buster":{"fixed_version":"2.2.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-2214":{"scope":"remote","description":"proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.","releases":{"buster":{"fixed_version":"2.10.4-1","repositories":{"buster":"2.13.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.10.4-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.10.4-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.10.4-1","repositories":{"sid":"2.13.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-3697":{"scope":"remote","description":"Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3698":{"scope":"remote","description":"The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.","releases":{"buster":{"fixed_version":"2.10.10-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.10-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.10-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.10-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3695":{"scope":"remote","description":"markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.","releases":{"buster":{"fixed_version":"2.10.10-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.10-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.10-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.10-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4323":{"scope":"remote","description":"A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3696":{"scope":"remote","description":"nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.","releases":{"buster":{"fixed_version":"2.10.10-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.10-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.10-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.10-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2380":{"scope":"remote","description":"An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3615":{"scope":"remote","description":"The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.","releases":{"buster":{"fixed_version":"2.6.3-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.3-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.3-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.3-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3694":{"scope":"remote","description":"The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.","releases":{"buster":{"fixed_version":"2.10.10-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.10-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.10-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.10-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0020":{"scope":"remote","description":"The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2640":{"debianbug":859159,"scope":"remote","description":"An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.","releases":{"buster":{"fixed_version":"2.12.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.12.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u2","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.12.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-4528":{"debianbug":608331,"scope":"remote","description":"directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.","releases":{"buster":{"fixed_version":"2.7.9-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.7.9-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.7.9-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.7.9-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4996":{"scope":"remote","description":"libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of \"an invalid memory location.\"","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-3711":{"scope":"remote","description":"libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support.","releases":{"buster":{"fixed_version":"2.7.4-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.4-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.4-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.4-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1178":{"debianbug":664030,"scope":"remote","description":"The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.","releases":{"buster":{"fixed_version":"2.10.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1257":{"releases":{"buster":{"repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2373":{"scope":"remote","description":"A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2374":{"scope":"remote","description":"An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2375":{"scope":"remote","description":"An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2376":{"scope":"remote","description":"A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2370":{"scope":"remote","description":"A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2371":{"scope":"remote","description":"An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1889":{"debianbug":535790,"scope":"remote","description":"The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.","releases":{"buster":{"fixed_version":"2.5.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.5.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.5.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.5.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2372":{"scope":"remote","description":"An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3026":{"debianbug":542891,"scope":"remote","description":"protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the \"require TLS/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.","releases":{"buster":{"fixed_version":"2.6.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0277":{"debianbug":566775,"scope":"remote","description":"slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.","releases":{"buster":{"fixed_version":"2.6.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3184":{"scope":"remote","description":"The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.","releases":{"buster":{"fixed_version":"2.10.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.0-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3185":{"scope":"remote","description":"gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2377":{"scope":"remote","description":"A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6479":{"scope":"remote","description":"util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2378":{"scope":"remote","description":"A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2694":{"debianbug":542486,"scope":"remote","description":"The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.","releases":{"buster":{"fixed_version":"2.5.9-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.5.9-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.5.9-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.5.9-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-6478":{"scope":"remote","description":"gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6477":{"scope":"remote","description":"Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3025":{"scope":"remote","description":"Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.","releases":{"buster":{"fixed_version":"2.6.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2943":{"debianbug":638709,"scope":"remote","description":"The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.","releases":{"buster":{"fixed_version":"2.10.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.0-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4602":{"scope":"remote","description":"The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.","releases":{"buster":{"fixed_version":"2.10.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4603":{"scope":"remote","description":"The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.","releases":{"buster":{"fixed_version":"2.10.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4922":{"scope":"local","description":"cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.","releases":{"buster":{"fixed_version":"2.7.11-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.11-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.11-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.11-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3532":{"debianbug":492434,"scope":"remote","description":"The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.","releases":{"buster":{"fixed_version":"2.4.3-2","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.3-2","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.3-2","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.3-2","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6487":{"scope":"remote","description":"Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6486":{"scope":"remote","description":"gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6485":{"scope":"remote","description":"Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2318":{"scope":"remote","description":"msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.","releases":{"buster":{"fixed_version":"2.10.4-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.4-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.4-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.4-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6484":{"scope":"remote","description":"The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2365":{"scope":"remote","description":"A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4601":{"scope":"remote","description":"family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.","releases":{"buster":{"fixed_version":"2.10.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6483":{"scope":"remote","description":"The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3594":{"scope":"remote","description":"The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.","releases":{"buster":{"fixed_version":"2.10.1-1","repositories":{"buster":"2.13.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.1-1","repositories":{"stretch":"2.12.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.1-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.1-1","repositories":{"sid":"2.13.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6482":{"scope":"remote","description":"Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6481":{"scope":"remote","description":"libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2703":{"scope":"remote","description":"libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.","releases":{"buster":{"fixed_version":"2.6.2","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.2","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.2","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.2","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1091":{"scope":"remote","description":"libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allows (2) remote Yahoo! servers to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG SMS message.","releases":{"buster":{"fixed_version":"2.7.11-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.11-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.11-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.11-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1375":{"scope":"remote","description":"The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.","releases":{"buster":{"fixed_version":"2.5.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0420":{"debianbug":572946,"scope":"remote","description":"libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.","releases":{"buster":{"fixed_version":"2.6.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1374":{"scope":"remote","description":"Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.","releases":{"buster":{"fixed_version":"2.5.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1373":{"scope":"remote","description":"Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.5.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2366":{"scope":"remote","description":"A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2367":{"scope":"remote","description":"An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2368":{"scope":"remote","description":"Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6489":{"scope":"remote","description":"Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1376":{"scope":"remote","description":"Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.  NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.","releases":{"buster":{"fixed_version":"2.5.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2369":{"scope":"remote","description":"A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.","releases":{"buster":{"fixed_version":"2.11.0-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.11.0-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.11.0-0+deb8u1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.11.0-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2528":{"scope":"remote","description":"The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.","releases":{"buster":{"fixed_version":"2.7.2-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.2-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.2-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.2-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6152":{"scope":"remote","description":"The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.","releases":{"buster":{"fixed_version":"2.10.8-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.8-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.8-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.8-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0423":{"debianbug":572946,"scope":"remote","description":"gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.","releases":{"buster":{"fixed_version":"2.6.6-1","repositories":{"buster":"2.13.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.6-1","repositories":{"stretch":"2.12.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.6-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.6-1","repositories":{"sid":"2.13.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2927":{"scope":"remote","description":"Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.","releases":{"buster":{"fixed_version":"2.4.3-1","repositories":{"buster":"2.13.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.3-1","repositories":{"stretch":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.3-1","repositories":{"jessie":"2.11.0-0+deb8u2","jessie-security":"2.11.0-0+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.3-1","repositories":{"sid":"2.13.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2835":{"debianbug":431336,"scope":"local","description":"Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.","releases":{"buster":{"fixed_version":"3.0.4-12","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.4-12","repositories":{"stretch":"3.0.4+dfsg1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.4-12","repositories":{"jessie":"3.0.4-14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.4-12","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-1000014":{"scope":"remote","description":"Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.6.4-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.0-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.6.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0289":{"debianbug":701052,"scope":"remote","description":"Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"1.0.4-2.2","repositories":{"buster":"1.3.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.4-2.2","repositories":{"stretch":"1.2.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.4-2.2","repositories":{"jessie":"1.1.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.4-2.2","repositories":{"sid":"1.3.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3540":{"scope":"remote","description":"Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.","releases":{"buster":{"fixed_version":"1.0.1-5","repositories":{"buster":"1.0.1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1-5","repositories":{"stretch":"1.0.1-10"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1-5","repositories":{"jessie":"1.0.1-8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1-5","repositories":{"sid":"1.0.1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1812":{"debianbug":702217,"scope":"remote","description":"The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.","releases":{"buster":{"fixed_version":"2.1.8debian-6","repositories":{"buster":"2.7.0debian-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.8debian-6","repositories":{"stretch":"2.7.0debian-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.8debian-6","repositories":{"jessie":"2.5.0debian-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.8debian-6","repositories":{"sid":"2.7.0debian-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6291":{"scope":"remote","description":"An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20535":{"debianbug":918270,"scope":"remote","description":"There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20538":{"debianbug":918269,"scope":"remote","description":"There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-7147":{"scope":"remote","description":"A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8881":{"scope":"remote","description":"Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8882":{"debianbug":894846,"scope":"local","description":"Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8883":{"debianbug":894847,"scope":"local","description":"Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17820":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000886":{"scope":"remote","description":"nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-19216":{"scope":"remote","description":"Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000667":{"scope":"remote","description":"NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19755":{"debianbug":915087,"scope":"remote","description":"There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-2719":{"debianbug":486715,"scope":"remote","description":"Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"2.03.01-1","repositories":{"buster":"2.14-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.03.01-1","repositories":{"stretch":"2.12.01-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.03.01-1","repositories":{"jessie":"2.11.05-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.03.01-1","repositories":{"sid":"2.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19215":{"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19214":{"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19213":{"scope":"remote","description":"Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-1194":{"debianbug":309049,"scope":"local","description":"Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.","releases":{"buster":{"fixed_version":"0.98.38-1.2","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.98.38-1.2","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.98.38-1.2","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.98.38-1.2","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8343":{"debianbug":922433,"scope":"remote","description":"In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-1287":{"debianbug":285889,"scope":"remote","description":"Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.","releases":{"buster":{"fixed_version":"0.98.38-1.1","repositories":{"buster":"2.14-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.98.38-1.1","repositories":{"stretch":"2.12.01-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.98.38-1.1","repositories":{"jessie":"2.11.05-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.98.38-1.1","repositories":{"sid":"2.14-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16382":{"debianbug":907866,"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-7177":{"scope":"remote","description":"Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.","releases":{"buster":{"fixed_version":"2.03.01-1","repositories":{"buster":"2.14-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.03.01-1","repositories":{"stretch":"2.12.01-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.03.01-1","repositories":{"jessie":"2.11.05-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.03.01-1","repositories":{"sid":"2.14-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17815":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14228":{"debianbug":874731,"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17816":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10016":{"debianbug":895408,"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17817":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10686":{"debianbug":867988,"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17818":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17819":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11111":{"debianbug":867988,"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16517":{"scope":"remote","description":"asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10316":{"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19209":{"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16999":{"scope":"remote","description":"Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6290":{"scope":"remote","description":"An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.","releases":{"buster":{"repositories":{"buster":"2.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.12.01-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.05-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-17810":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17811":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17812":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10254":{"debianbug":896523,"scope":"remote","description":"Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.","releases":{"buster":{"fixed_version":"2.14-1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.14-1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17813":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17814":{"scope":"remote","description":"In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.","releases":{"buster":{"fixed_version":"2.13.02-0.1","repositories":{"buster":"2.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.12.01-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.11.05-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.13.02-0.1","repositories":{"sid":"2.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4606":{"debianbug":651620,"scope":"local","description":"Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.","releases":{"buster":{"fixed_version":"3.3.0.1+dfsg1-2.2","repositories":{"buster":"4.1.1.0+dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.3.0.1+dfsg1-2.2","repositories":{"stretch":"4.0.0.1+dfsg-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.3.0.1+dfsg1-2.2","repositories":{"jessie":"3.3.0.1+dfsg1-2.2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.3.0.1+dfsg1-2.2","repositories":{"sid":"4.1.1.0+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0340079-E5FD8C":{"debianbug":340079,"releases":{"sid":{"fixed_version":"6b-11","repositories":{"sid":"1:6b2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3616":{"debianbug":819969,"scope":"remote","description":"The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.","releases":{"sid":{"repositories":{"sid":"1:6b2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-6630":{"debianbug":729867,"scope":"remote","description":"The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.","releases":{"sid":{"fixed_version":"6b1-4","repositories":{"sid":"1:6b2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15232":{"debianbug":878567,"scope":"remote","description":"libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1:6b2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3005":{"debianbug":373672,"scope":"remote","description":"The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1:6b2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6629":{"debianbug":729867,"scope":"remote","description":"The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.","releases":{"sid":{"fixed_version":"6b1-4","repositories":{"sid":"1:6b2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2001-1508":{"scope":"local","description":"Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.8.B-2.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.8.B-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.8.B-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.8.B-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0136":{"scope":"local","description":"psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.","releases":{"buster":{"fixed_version":"3.8.20-4.","repositories":{"buster":"3.8.B-2.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.8.20-4.","repositories":{"stretch":"3.8.B-2.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.8.20-4.","repositories":{"jessie":"3.8.B-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.8.20-4.","repositories":{"sid":"3.8.B-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-1099":{"scope":"remote","description":"Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"1.5-1","repositories":{"buster":"1.7-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.5-1","repositories":{"stretch":"1.7-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.5-1","repositories":{"jessie":"1.7-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.5-1","repositories":{"sid":"1.7-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1100":{"scope":"remote","description":"Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.","releases":{"buster":{"fixed_version":"1.5-1","repositories":{"buster":"1.7-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.5-1","repositories":{"stretch":"1.7-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.5-1","repositories":{"jessie":"1.7-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.5-1","repositories":{"sid":"1.7-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5745":{"debianbug":724545,"scope":"remote","description":"The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.","releases":{"buster":{"fixed_version":"3.10.1-1","repositories":{"buster":"3.22.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.10.1-1","repositories":{"stretch":"3.22.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.10.1-1","repositories":{"jessie":"3.14.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.10.1-1","repositories":{"sid":"3.22.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1165":{"scope":"remote","description":"Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks.","releases":{"buster":{"repositories":{"buster":"3.22.0-5"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.22.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.14.0-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.22.0-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1164":{"scope":"remote","description":"Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.","releases":{"buster":{"repositories":{"buster":"3.22.0-5"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.22.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.14.0-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.22.0-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-0905":{"scope":"remote","description":"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.","releases":{"buster":{"fixed_version":"2.28.2-3","repositories":{"buster":"3.22.0-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.28.2-3","repositories":{"stretch":"3.22.0-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.28.2-3","repositories":{"jessie":"3.14.0-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.28.2-3","repositories":{"sid":"3.22.0-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-0904":{"scope":"remote","description":"The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.","releases":{"buster":{"fixed_version":"2.28.2-3","repositories":{"buster":"3.22.0-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.28.2-3","repositories":{"stretch":"3.22.0-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.28.2-3","repositories":{"jessie":"3.14.0-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.28.2-3","repositories":{"sid":"3.22.0-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4429":{"debianbug":687596,"scope":"remote","description":"Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.","releases":{"buster":{"fixed_version":"3.8.1-1","repositories":{"buster":"3.22.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.8.1-1","repositories":{"stretch":"3.22.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.8.1-1","repositories":{"jessie":"3.14.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.8.1-1","repositories":{"sid":"3.22.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7414":{"debianbug":859635,"scope":"remote","description":"In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the \"Should PGP signed messages be automatically verified when viewed?\" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.","releases":{"buster":{"fixed_version":"2.7.5-2","repositories":{"buster":"2.7.12-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.5-2","repositories":{"stretch":"2.7.8-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.0-5+deb8u1","repositories":{"jessie":"2.5.0-5","jessie-security":"2.5.0-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.5-2","repositories":{"sid":"2.7.12-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7413":{"debianbug":859635,"scope":"remote","description":"In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.","releases":{"buster":{"fixed_version":"2.7.5-2","repositories":{"buster":"2.7.12-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.7.5-2","repositories":{"stretch":"2.7.8-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.0-5+deb8u1","repositories":{"jessie":"2.5.0-5","jessie-security":"2.5.0-5+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.7.5-2","repositories":{"sid":"2.7.12-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18250":{"scope":"remote","description":"Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.6.2-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.6.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18249":{"scope":"remote","description":"Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.6.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.1-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.6.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18248":{"scope":"remote","description":"Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.6.2-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.6.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18247":{"scope":"remote","description":"Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.6.2-3"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.1-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.6.2-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-18246":{"scope":"remote","description":"Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.","releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"2.6.2-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"2.6.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1934":{"debianbug":737062,"scope":"local","description":"tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"0.6.18-3","repositories":{"buster":"0.8.8-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.6.18-3","repositories":{"stretch":"0.7.10-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"0.6.18-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.6.18-3","repositories":{"sid":"0.8.8-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5710":{"debianbug":889685,"scope":"remote","description":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.","releases":{"buster":{"fixed_version":"1.16.1-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.16.1-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20217":{"debianbug":917387,"scope":"remote","description":"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.","releases":{"buster":{"fixed_version":"1.16.2-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.16.2-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0139":{"scope":"remote","description":"Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\"","releases":{"buster":{"fixed_version":"1.2.7-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.7-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.7-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.7-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0138":{"scope":"remote","description":"Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.","releases":{"buster":{"fixed_version":"1.2.7-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.7-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.7-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.7-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3120":{"debianbug":832572,"scope":"remote","description":"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.","releases":{"buster":{"fixed_version":"1.14.3+dfsg-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.14.3+dfsg-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.14.3+dfsg-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11368":{"debianbug":869260,"scope":"remote","description":"In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.","releases":{"buster":{"fixed_version":"1.15.1-2","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.15-1+deb9u1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.15.1-2","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7562":{"scope":"remote","description":"An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5972":{"debianbug":454974,"scope":"remote","description":"Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors.  NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4000":{"scope":"remote","description":"The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the \"modify policy\" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-7","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-7","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-5971":{"debianbug":454974,"scope":"local","description":"Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0956":{"scope":"remote","description":"The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.","releases":{"buster":{"fixed_version":"1.4.4-8","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.4.4-8","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.4.4-8","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.4.4-8","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-0957":{"scope":"remote","description":"Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.","releases":{"buster":{"fixed_version":"1.4.4-8","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.4.4-8","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.4.4-8","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.4.4-8","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2003-0028":{"scope":"remote","description":"Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.","releases":{"buster":{"fixed_version":"1.3.3-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.3-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.3-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.3-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-5351":{"debianbug":762479,"scope":"remote","description":"The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-10","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-10","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-10","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-10","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3119":{"debianbug":819468,"scope":"remote","description":"The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.","releases":{"buster":{"fixed_version":"1.14.2+dfsg-1","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.14.2+dfsg-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.14.2+dfsg-1","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-0283":{"scope":"remote","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.","releases":{"buster":{"fixed_version":"1.8+dfsg~alpha1-7","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8+dfsg~alpha1-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8+dfsg~alpha1-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8+dfsg~alpha1-7","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-5355":{"debianbug":778647,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-18","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-18","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-18","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-18","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5354":{"debianbug":773228,"scope":"remote","description":"plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-16","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-16","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-16","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-16","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-5353":{"debianbug":773226,"scope":"remote","description":"The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-16","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-16","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-16","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-16","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-5352":{"scope":"remote","description":"The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-17","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-17","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-17","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-17","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5729":{"debianbug":891869,"scope":"remote","description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.","releases":{"buster":{"fixed_version":"1.16.1-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.16.1-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8630":{"debianbug":813127,"scope":"remote","description":"The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3295":{"scope":"remote","description":"The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.","releases":{"buster":{"fixed_version":"1.7+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.7+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.7+dfsg-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.7+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-8631":{"debianbug":813126,"scope":"remote","description":"Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1529":{"debianbug":646367,"scope":"remote","description":"The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.","releases":{"buster":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0629":{"scope":"remote","description":"Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.","releases":{"buster":{"fixed_version":"1.7+dfsg-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7+dfsg-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7+dfsg-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7+dfsg-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0391":{"scope":"remote","description":"Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.","releases":{"buster":{"fixed_version":"1.2.5-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1528":{"debianbug":646367,"scope":"remote","description":"The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function.  NOTE: the Berkeley DB vector is covered by CVE-2011-4151.","releases":{"buster":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1527":{"debianbug":646367,"scope":"remote","description":"The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.","releases":{"buster":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0628":{"debianbug":575740,"scope":"remote","description":"The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.","releases":{"buster":{"fixed_version":"1.8+dfsg-1.1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8+dfsg-1.1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8+dfsg-1.1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8+dfsg-1.1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9423":{"scope":"remote","description":"The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-17","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-17","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-17","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-17","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1321":{"debianbug":582261,"scope":"remote","description":"The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.","releases":{"buster":{"fixed_version":"1.8.1+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.1+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.1+dfsg-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.1+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9422":{"scope":"remote","description":"The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-17","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-17","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-17","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-17","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1322":{"debianbug":599237,"scope":"remote","description":"The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-2","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-2","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0072":{"scope":"remote","description":"The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\").","releases":{"buster":{"fixed_version":"1.2.7-3","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.7-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.7-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.7-3","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1320":{"debianbug":577490,"scope":"remote","description":"Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.","releases":{"buster":{"fixed_version":"1.8.1+dfsg-2","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.1+dfsg-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.1+dfsg-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.1+dfsg-2","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9421":{"scope":"remote","description":"The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-17","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-17","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-17","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-17","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11462":{"debianbug":873563,"scope":"remote","description":"Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.","releases":{"buster":{"fixed_version":"1.15.2-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, might lead to behaviour changes","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, might lead to behaviour changes","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.15.2-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3083":{"scope":"local","description":"The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.","releases":{"buster":{"fixed_version":"1.4.3-9","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.4.3-9","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.3-9","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.3-9","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3084":{"scope":"local","description":"The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.  NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.","releases":{"buster":{"fixed_version":"1.4.3-9","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.4.3-9","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.3-9","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.3-9","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-1323":{"debianbug":605553,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-1324":{"debianbug":605553,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0971":{"debianbug":278271,"scope":"local","description":"The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.","releases":{"buster":{"repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-5901":{"debianbug":454974,"scope":"local","description":"Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.  NOTE: this might be the result of a typo in the source code.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5902":{"debianbug":454974,"scope":"remote","description":"Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4020":{"debianbug":605553,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-0284":{"debianbug":618517,"scope":"remote","description":"Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-6","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-6","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-6","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-6","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0285":{"debianbug":622681,"scope":"remote","description":"The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.","releases":{"buster":{"fixed_version":"1.9.1+dfsg-1","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.1+dfsg-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.9.1+dfsg-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.1+dfsg-1","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0282":{"scope":"remote","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0283":{"scope":"remote","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1530":{"scope":"remote","description":"The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.","releases":{"buster":{"fixed_version":"1.10+dfsg~alpha1-7","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10+dfsg~alpha1-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10+dfsg~alpha1-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10+dfsg~alpha1-7","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0082":{"scope":"remote","description":"The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\").","releases":{"buster":{"fixed_version":"1.3.3-2","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.3-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.3-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.3-2","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0281":{"scope":"remote","description":"The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4022":{"scope":"remote","description":"The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5709":{"debianbug":889684,"scope":"remote","description":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.","releases":{"buster":{"repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-4021":{"scope":"remote","description":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"","releases":{"buster":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2002-2443":{"debianbug":708267,"scope":"remote","description":"schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-6","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-6","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-6","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-6","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1235":{"scope":"remote","description":"The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.","releases":{"buster":{"fixed_version":"1.2.6-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.6-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.6-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.6-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0947":{"scope":"remote","description":"Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.","releases":{"buster":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0948":{"scope":"remote","description":"Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.","releases":{"buster":{"fixed_version":"1.3-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.3-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.3-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3999":{"scope":"remote","description":"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-7","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-7","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-1216":{"scope":"remote","description":"Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".","releases":{"buster":{"fixed_version":"1.4.4-8","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.4.4-8","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.4.4-8","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.4.4-8","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2003-0058":{"scope":"remote","description":"MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.","releases":{"buster":{"fixed_version":"1.2.5-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0059":{"scope":"remote","description":"Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.","releases":{"buster":{"fixed_version":"1.2.5-1","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-4212":{"scope":"remote","description":"Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.","releases":{"buster":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1689":{"scope":"remote","description":"Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.","releases":{"buster":{"fixed_version":"1.3.6-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.3.6-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.3.6-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.3.6-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-5894":{"debianbug":454974,"scope":"remote","description":"** DISPUTED **  The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors.  NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used.  NOTE: the vendor disputes this issue, stating \" The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.\"","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-1","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2694":{"debianbug":783557,"scope":"remote","description":"The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-20","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-20","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-20","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1174":{"debianbug":318437,"scope":"remote","description":"MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.","releases":{"buster":{"fixed_version":"1.3.6-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.3.6-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.3.6-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.3.6-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-1175":{"debianbug":318437,"scope":"remote","description":"Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.","releases":{"buster":{"fixed_version":"1.3.6-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.3.6-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.3.6-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.3.6-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-4862":{"debianbug":654231,"scope":"remote","description":"Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.","releases":{"buster":{"fixed_version":"1.8+dfsg~aa+r23527-1","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.8+dfsg~aa+r23527-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.8+dfsg~aa+r23527-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.8+dfsg~aa+r23527-1","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-15088":{"debianbug":871698,"scope":"remote","description":"plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.","releases":{"buster":{"fixed_version":"1.15.2-2","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.15.2-2","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4345":{"debianbug":757416,"scope":"remote","description":"Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-7","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-7","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4344":{"debianbug":755521,"scope":"remote","description":"The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4343":{"debianbug":755520,"scope":"remote","description":"Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0060":{"scope":"remote","description":"Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.","releases":{"buster":{"fixed_version":"1.2.4","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.4","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4342":{"debianbug":753625,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4341":{"debianbug":753624,"scope":"remote","description":"MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.","releases":{"buster":{"fixed_version":"1.12.1+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.1+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.1+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1418":{"debianbug":728845,"scope":"remote","description":"The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.","releases":{"buster":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0488":{"scope":"remote","description":"Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.","releases":{"buster":{"fixed_version":"1.8.3+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.8.3+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.8.3+dfsg-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.8.3+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2698":{"scope":"remote","description":"The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1415":{"scope":"remote","description":"The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-4","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-4","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2697":{"debianbug":803088,"scope":"remote","description":"The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2696":{"debianbug":803084,"scope":"remote","description":"lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1417":{"debianbug":730085,"scope":"remote","description":"do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.","releases":{"buster":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.11.3+dfsg-3+nmu1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2695":{"debianbug":803083,"scope":"remote","description":"lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1416":{"debianbug":704775,"scope":"remote","description":"The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5730":{"debianbug":891869,"scope":"remote","description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.","releases":{"buster":{"fixed_version":"1.16.1-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.16.1-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1012":{"debianbug":670918,"scope":"remote","description":"server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1013":{"debianbug":687647,"scope":"remote","description":"The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-3","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-3","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0523":{"scope":"remote","description":"Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.","releases":{"buster":{"fixed_version":"1.3.3-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.3-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.3-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.3-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1014":{"debianbug":683429,"scope":"remote","description":"The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0644":{"scope":"remote","description":"The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1015":{"debianbug":683429,"scope":"remote","description":"The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0643":{"scope":"local","description":"Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8629":{"debianbug":813296,"scope":"remote","description":"The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.","releases":{"buster":{"fixed_version":"1.13.2+dfsg-5","repositories":{"buster":"1.17-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.13.2+dfsg-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.12.1+dfsg-19+deb8u2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.13.2+dfsg-5","repositories":{"sid":"1.17-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-1016":{"debianbug":702633,"scope":"remote","description":"The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.","releases":{"buster":{"fixed_version":"1.10.1+dfsg-4+nmu1","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.1+dfsg-4+nmu1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.1+dfsg-4+nmu1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.1+dfsg-4+nmu1","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0642":{"scope":"remote","description":"Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4151":{"debianbug":646367,"scope":"remote","description":"The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.","releases":{"buster":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"buster":"1.17-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10+dfsg~alpha1-1","repositories":{"sid":"1.17-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2443":{"debianbug":430787,"scope":"remote","description":"Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-5","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-5","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4743":{"debianbug":441209,"scope":"remote","description":"The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-7","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-7","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-7","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-7","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-2442":{"debianbug":430787,"scope":"remote","description":"The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-5","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-5","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2004-0772":{"scope":"remote","description":"Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-3","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1189":{"scope":"local","description":"The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2798":{"debianbug":430785,"scope":"remote","description":"Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.","releases":{"buster":{"fixed_version":"1.6.dfsg.1-5","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.1-5","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.1-5","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.1-5","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2009-0844":{"scope":"remote","description":"The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0847":{"scope":"remote","description":"The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0846":{"scope":"remote","description":"The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0062":{"scope":"remote","description":"KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.","releases":{"buster":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2009-0845":{"scope":"remote","description":"The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.","releases":{"buster":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"buster":"1.17-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.4~beta1-13","repositories":{"sid":"1.17-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0063":{"scope":"remote","description":"The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"","releases":{"buster":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"buster":"1.17-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.dfsg.3~beta1-4","repositories":{"sid":"1.17-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2003-0041":{"scope":"remote","description":"Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6144":{"scope":"remote","description":"The \"mechglue\" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.17-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.17-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6143":{"scope":"remote","description":"The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"1.4.4-6","repositories":{"buster":"1.17-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.4.4-6","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.4.4-6","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.4.4-6","repositories":{"sid":"1.17-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2005-0468":{"debianbug":306141,"scope":"remote","description":"Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.","releases":{"buster":{"fixed_version":"1.3.6-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0469":{"debianbug":302036,"scope":"remote","description":"Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.","releases":{"buster":{"fixed_version":"1.3.6-2","repositories":{"buster":"1.17-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-2","repositories":{"stretch":"1.15-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-2","repositories":{"jessie":"1.12.1+dfsg-19+deb8u4","jessie-security":"1.12.1+dfsg-19+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-2","repositories":{"sid":"1.17-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2246":{"debianbug":587205,"scope":"remote","description":"feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.","releases":{"buster":{"fixed_version":"1.8-1","repositories":{"buster":"3.1.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8-1","repositories":{"stretch":"2.18-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8-1","repositories":{"jessie":"2.12-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8-1","repositories":{"sid":"3.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7875":{"debianbug":860367,"scope":"remote","description":"In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.","releases":{"buster":{"fixed_version":"2.18-2","repositories":{"buster":"3.1.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.18-2","repositories":{"stretch":"2.18-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.12-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.18-2","repositories":{"sid":"3.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0702":{"debianbug":612035,"scope":"local","description":"The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.","releases":{"buster":{"fixed_version":"1.12-1","repositories":{"buster":"3.1.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.12-1","repositories":{"stretch":"2.18-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.12-1","repositories":{"jessie":"2.12-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.12-1","repositories":{"sid":"3.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1031":{"scope":"local","description":"The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.","releases":{"buster":{"fixed_version":"1.12-1","repositories":{"buster":"3.1.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.12-1","repositories":{"stretch":"2.18-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.12-1","repositories":{"jessie":"2.12-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.12-1","repositories":{"sid":"3.1.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-7153":{"debianbug":920853,"scope":"remote","description":"A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.","releases":{"buster":{"fixed_version":"66-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7154":{"debianbug":920853,"scope":"remote","description":"The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.","releases":{"buster":{"fixed_version":"66-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7662":{"scope":"remote","description":"An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.","releases":{"buster":{"fixed_version":"66-1","repositories":{"buster":"68-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"68-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-7704":{"scope":"remote","description":"wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.","releases":{"buster":{"fixed_version":"64-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"64-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7151":{"debianbug":920853,"scope":"remote","description":"A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.","releases":{"buster":{"fixed_version":"66-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7152":{"debianbug":920853,"scope":"remote","description":"A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.","releases":{"buster":{"fixed_version":"66-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7700":{"scope":"remote","description":"A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.","releases":{"buster":{"fixed_version":"64-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"64-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7701":{"scope":"remote","description":"A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.","releases":{"buster":{"fixed_version":"64-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"64-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7702":{"scope":"remote","description":"A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.","releases":{"buster":{"fixed_version":"64-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"64-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7703":{"scope":"remote","description":"In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.","releases":{"buster":{"fixed_version":"64-1","repositories":{"buster":"68-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"64-1","repositories":{"sid":"68-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6514":{"scope":"remote","description":"In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.11.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.6-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.11.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1426":{"debianbug":778265,"scope":"local","description":"Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.","releases":{"buster":{"fixed_version":"2.4.4-1","repositories":{"buster":"3.11.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.4.4-1","repositories":{"stretch":"2.4.6-1"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.2.0-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.4.4-1","repositories":{"sid":"3.11.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-3248":{"scope":"local","description":"Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.","releases":{"buster":{"fixed_version":"2.0.1-1","repositories":{"buster":"3.11.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1","repositories":{"stretch":"2.4.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1","repositories":{"jessie":"2.2.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.1-1","repositories":{"sid":"3.11.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0640":{"scope":"remote","description":"Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.","releases":{"stretch":{"fixed_version":"0.17.24+0.1-2","repositories":{"stretch":"0.17.41+0.2-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.17.24+0.1-2","repositories":{"jessie":"0.17.24+0.1-24"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.17.24+0.1-2","repositories":{"sid":"0.17.41+0.2-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0911":{"scope":"remote","description":"telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.","releases":{"stretch":{"fixed_version":"0.17.24+0.1-4","repositories":{"stretch":"0.17.41+0.2-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.17.24+0.1-4","repositories":{"jessie":"0.17.24+0.1-24"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.17.24+0.1-4","repositories":{"sid":"0.17.41+0.2-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0998":{"scope":"remote","description":"Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code.","releases":{"stretch":{"fixed_version":"0.17.24+0.1-6","repositories":{"stretch":"0.17.41+0.2-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.17.24+0.1-6","repositories":{"jessie":"0.17.24+0.1-24"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.17.24+0.1-6","repositories":{"sid":"0.17.41+0.2-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0469":{"debianbug":302036,"scope":"remote","description":"Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.","releases":{"stretch":{"fixed_version":"0.17.24+0.1-7.1","repositories":{"stretch":"0.17.41+0.2-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.17.24+0.1-7.1","repositories":{"jessie":"0.17.24+0.1-24"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.17.24+0.1-7.1","repositories":{"sid":"0.17.41+0.2-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1770":{"debianbug":700158,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.","releases":{"buster":{"fixed_version":"3.5.8-3","repositories":{"buster":"3.6.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-3","repositories":{"stretch":"3.6.1-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.5.8-3","repositories":{"jessie":"3.6.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.8-3","repositories":{"sid":"3.6.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6816":{"debianbug":798213,"scope":"remote","description":"ganglia-web before 3.7.1 allows remote attackers to bypass authentication.","releases":{"buster":{"repositories":{"buster":"3.6.1-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.6.1-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.6.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.6.1-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-0275":{"debianbug":700158,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"3.5.8-3","repositories":{"buster":"3.6.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-3","repositories":{"stretch":"3.6.1-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.5.8-3","repositories":{"jessie":"3.6.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.8-3","repositories":{"sid":"3.6.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6395":{"debianbug":730507,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.","releases":{"buster":{"repositories":{"buster":"3.6.1-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.6.1-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.6.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.6.1-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-1485":{"scope":"remote","description":"Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.2+20150808-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.2+20150808-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2+20140608-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.2+20150808-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2199":{"scope":"remote","description":"Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.","releases":{"buster":{"fixed_version":"5.1-1","repositories":{"buster":"5.2+20150808-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.1-1","repositories":{"stretch":"5.2+20150808-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.1-1","repositories":{"jessie":"5.2+20140608-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.1-1","repositories":{"sid":"5.2+20150808-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2944":{"scope":"remote","description":"Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.","releases":{"buster":{"fixed_version":"2.6.4-1","repositories":{"buster":"2.7.4-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.4-1","repositories":{"stretch":"2.7.4-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.4-1","repositories":{"jessie":"2.7.2-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.4-1","repositories":{"sid":"2.7.4-8"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0777706-EB0F2E":{"debianbug":777706,"releases":{"buster":{"fixed_version":"2.7.2-2","repositories":{"buster":"2.7.4-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.2-2","repositories":{"stretch":"2.7.4-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.2-2","repositories":{"jessie":"2.7.2-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.2-2","repositories":{"sid":"2.7.4-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1824":{"scope":"remote","description":"The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the \"\\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.","releases":{"buster":{"fixed_version":"1:0.6.1-2","repositories":{"buster":"1:3.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-2","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-2","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-2","repositories":{"sid":"1:3.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0984":{"scope":"local","description":"Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.","releases":{"buster":{"fixed_version":"1:0.5-4","repositories":{"buster":"1:3.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.5-4","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:0.5-4","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:0.5-4","repositories":{"sid":"1:3.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1520":{"scope":"remote","description":"Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.","releases":{"buster":{"fixed_version":"1:0.6.1-3","repositories":{"buster":"1:3.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-3","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-3","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-3","repositories":{"sid":"1:3.5-3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-050E10":{"releases":{"buster":{"fixed_version":"1:0.6.1-2","repositories":{"buster":"1:3.5-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-2","repositories":{"stretch":"1:3.1.1-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-2","repositories":{"jessie":"1:2.99.98-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-2","repositories":{"sid":"1:3.5-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-1521":{"scope":"remote","description":"Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:0.6.1-3","repositories":{"buster":"1:3.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-3","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-3","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-3","repositories":{"sid":"1:3.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1522":{"scope":"remote","description":"The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.","releases":{"buster":{"fixed_version":"1:0.6.1-3","repositories":{"buster":"1:3.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-3","repositories":{"stretch":"1:3.1.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-3","repositories":{"jessie":"1:2.99.98-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-3","repositories":{"sid":"1:3.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1523":{"scope":"remote","description":"Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.","releases":{"buster":{"fixed_version":"1:0.6.1-3","repositories":{"buster":"1:3.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:0.6.1-3","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:0.6.1-3","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:0.6.1-3","repositories":{"sid":"1:3.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-2878":{"debianbug":327424,"scope":"remote","description":"Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.","releases":{"buster":{"fixed_version":"1:0.6.90-3","repositories":{"buster":"1:3.5-3"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:0.6.90-3","repositories":{"stretch":"1:3.1.1-1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:0.6.90-3","repositories":{"jessie":"1:2.99.98-2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:0.6.90-3","repositories":{"sid":"1:3.5-3"},"urgency":"high","status":"resolved"}}}}
{"CVE-2013-1064":{"debianbug":724837,"scope":"local","description":"apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.","releases":{"buster":{"fixed_version":"0.47","repositories":{"buster":"0.49"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.47","repositories":{"stretch":"0.49"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.47","repositories":{"jessie":"0.47+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.47","repositories":{"sid":"0.49"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3393":{"debianbug":598418,"scope":"local","description":"magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"2.10.0.dfsg-5.1","repositories":{"buster":"3.3.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.10.0.dfsg-5.1","repositories":{"stretch":"2.30.0-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.10.0.dfsg-5.1","repositories":{"jessie":"2.22.7.dfsg.1-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.10.0.dfsg-5.1","repositories":{"sid":"3.3.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4942":{"debianbug":496433,"scope":"local","description":"audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files.","releases":{"buster":{"fixed_version":"0.05-1.1","repositories":{"buster":"0.05-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.05-1.1","repositories":{"stretch":"0.05-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.05-1.1","repositories":{"jessie":"0.05-1.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.05-1.1","repositories":{"sid":"0.05-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2156":{"debianbug":646523,"scope":"remote","description":"Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.","releases":{"stretch":{"fixed_version":"3.9.9.Final-1","repositories":{"stretch":"3.9.9.Final-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.9.0.Final-1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-1063":{"scope":"local","description":"Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.","releases":{"buster":{"fixed_version":"2.7-1","repositories":{"buster":"2.8-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.6-3"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.3-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.7-1","repositories":{"sid":"2.8-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-7545":{"debianbug":838599,"scope":"local","description":"SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.","releases":{"buster":{"fixed_version":"2.5-3","repositories":{"buster":"2.8-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5-3","repositories":{"stretch":"2.6-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.3-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.5-3","repositories":{"sid":"2.8-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3215":{"scope":"local","description":"seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.8-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.3-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.8-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1869":{"debianbug":763899,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).","releases":{"buster":{"repositories":{"buster":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-1808":{"debianbug":706725,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.  NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.","releases":{"buster":{"repositories":{"buster":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-6550":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via \"the clipText returned from the flash object,\" a different vulnerability than CVE-2013-1808.","releases":{"buster":{"repositories":{"buster":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.0.184.15484+dfsg2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-0869":{"debianbug":660621,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.","releases":{"buster":{"fixed_version":"20120215-1","repositories":{"buster":"20160919-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20120215-1","repositories":{"stretch":"20160919-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20120215-1","repositories":{"sid":"20160919-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0773751-AD275E":{"debianbug":773751,"releases":{"buster":{"fixed_version":"20150120-1","repositories":{"buster":"20160919-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20150120-1","repositories":{"stretch":"20160919-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20150120-1","repositories":{"sid":"20160919-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1409":{"scope":"remote","description":"Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.","releases":{"buster":{"fixed_version":"20110610-1","repositories":{"buster":"20160919-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20110610-1","repositories":{"stretch":"20160919-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20110610-1","repositories":{"sid":"20160919-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3877":{"scope":"remote","description":"Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.","releases":{"buster":{"fixed_version":"20140530-1","repositories":{"buster":"20160919-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20140530-1","repositories":{"stretch":"20160919-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20140530-1","repositories":{"sid":"20160919-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3875":{"releases":{"buster":{"fixed_version":"20140530-1","repositories":{"buster":"20160919-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"20140530-1","repositories":{"stretch":"20160919-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"20140530-1","repositories":{"sid":"20160919-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-1293":{"debianbug":660621,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.","releases":{"buster":{"fixed_version":"20120215-1","repositories":{"buster":"20160919-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20120215-1","repositories":{"stretch":"20160919-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20120215-1","repositories":{"sid":"20160919-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3876":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.","releases":{"buster":{"fixed_version":"20140530-1","repositories":{"buster":"20160919-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20140530-1","repositories":{"stretch":"20160919-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20140530-1","repositories":{"sid":"20160919-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1330":{"scope":"remote","description":"unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.","releases":{"buster":{"fixed_version":"0.86.1","repositories":{"buster":"1.11"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.86.1","repositories":{"stretch":"0.93.1+nmu1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.83.3.2+deb8u1","repositories":{"jessie":"0.83.3.2+deb8u1","jessie-security":"0.83.3.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.86.1","repositories":{"sid":"1.11"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4601":{"debianbug":405342,"scope":"remote","description":"A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.","releases":{"buster":{"fixed_version":"7.6.dbs-12","repositories":{"buster":"7.6.q-28"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"7.6.dbs-12","repositories":{"stretch":"7.6.q-26"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"7.6.dbs-12","repositories":{"jessie":"7.6.q-25"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"7.6.dbs-12","repositories":{"sid":"7.6.q-28"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-0272":{"scope":"remote","description":"GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.","releases":{"buster":{"fixed_version":"1.0.4-1","repositories":{"buster":"1.14.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Will be fixed on the kernel side","repositories":{"jessie":"0.9.10.0-7"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.4-1","repositories":{"sid":"1.14.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2176":{"debianbug":631520,"scope":"local","description":"GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"1.14.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.0-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.0-1","repositories":{"jessie":"0.9.10.0-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"1.14.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-7246":{"releases":{"buster":{"fixed_version":"0.9.4.0-1","repositories":{"buster":"1.14.6-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.9.4.0-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.9.4.0-1","repositories":{"jessie":"0.9.10.0-7"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.4.0-1","repositories":{"sid":"1.14.6-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-2736":{"debianbug":655972,"releases":{"buster":{"fixed_version":"0.9.4.0-1","repositories":{"buster":"1.14.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.4.0-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.4.0-1","repositories":{"jessie":"0.9.10.0-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.4.0-1","repositories":{"sid":"1.14.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1000135":{"debianbug":895658,"scope":"remote","description":"GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.","releases":{"buster":{"fixed_version":"1.12.0-2","repositories":{"buster":"1.14.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.10.0-7"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.12.0-2","repositories":{"sid":"1.14.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4145":{"debianbug":563371,"scope":"local","description":"nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.10.0-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4144":{"debianbug":560067,"scope":"remote","description":"NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.10.0-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0365":{"debianbug":519801,"scope":"local","description":"nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.","releases":{"buster":{"fixed_version":"0.6.5-1","repositories":{"buster":"1.14.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.6.5-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.6.5-1","repositories":{"jessie":"0.9.10.0-7"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.6.5-1","repositories":{"sid":"1.14.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-2924":{"debianbug":783295,"scope":"remote","description":"The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.","releases":{"buster":{"fixed_version":"1.0.2-1","repositories":{"buster":"1.14.6-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.10.0-7"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.2-1","repositories":{"sid":"1.14.6-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0764":{"debianbug":820354,"scope":"local","description":"Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.","releases":{"buster":{"fixed_version":"1.1.91-1","repositories":{"buster":"1.14.6-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.91-1","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.10.0-7"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.91-1","repositories":{"sid":"1.14.6-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-15688":{"debianbug":912008,"scope":"remote","description":"A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.","releases":{"buster":{"fixed_version":"1.14.4-2","repositories":{"buster":"1.14.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.2-3+deb9u2","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.10.0-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.14.4-2","repositories":{"sid":"1.14.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1322":{"scope":"local","description":"Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.10.0-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1096":{"debianbug":684259,"releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.14.6-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.6.2-3+deb9u2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.10.0-7"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"1.14.6-2"},"urgency":"low","status":"open"}}}}
{"CVE-2017-18359":{"scope":"remote","description":"PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for \"SELECT ST_AsX3D('LINESTRING EMPTY');\" because empty geometries are mishandled.","releases":{"buster":{"fixed_version":"2.3.3+dfsg-1","repositories":{"buster":"2.5.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.3.1+dfsg-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.1.4+dfsg-3+deb8u1","repositories":{"jessie":"2.1.4+dfsg-3","jessie-security":"2.1.4+dfsg-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3.3+dfsg-1","repositories":{"sid":"2.5.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-4245":{"debianbug":385253,"releases":{"buster":{"fixed_version":"0.6.2-2","repositories":{"buster":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.6.2-2","repositories":{"stretch":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.6.2-2","repositories":{"jessie":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.6.2-2","repositories":{"sid":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-1A4150":{"releases":{"buster":{"fixed_version":"0.6.2-2","repositories":{"buster":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.6.2-2","repositories":{"stretch":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.6.2-2","repositories":{"jessie":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.6.2-2","repositories":{"sid":"0.9.0-1.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-1857":{"scope":"remote","description":"Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.","releases":{"buster":{"fixed_version":"3.2-4","repositories":{"buster":"3.5-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.2-4","repositories":{"stretch":"3.5-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.2-4","repositories":{"jessie":"3.4-7"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.2-4","repositories":{"sid":"3.5-1"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0496462-B3176F":{"debianbug":496462,"releases":{"buster":{"fixed_version":"1.81.6-4","repositories":{"buster":"1.81.6-15"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.81.6-4","repositories":{"stretch":"1.81.6-13"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.81.6-4","repositories":{"jessie":"1.81.6-11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.81.6-4","repositories":{"sid":"1.81.6-15"},"urgency":"low","status":"resolved"}}}}
{"CVE-2001-1562":{"scope":"local","description":"Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.","releases":{"buster":{"fixed_version":"1.79-16a.1","repositories":{"buster":"1.81.6-15"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.79-16a.1","repositories":{"stretch":"1.81.6-13"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.79-16a.1","repositories":{"jessie":"1.81.6-11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.79-16a.1","repositories":{"sid":"1.81.6-15"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.81.6-13","repositories":{"buster":"1.81.6-15"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.81.6-13","repositories":{"stretch":"1.81.6-13"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1.81.6-11"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.81.6-13","repositories":{"sid":"1.81.6-15"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0298114-36C546":{"debianbug":298114,"releases":{"buster":{"fixed_version":"1.79-22","repositories":{"buster":"1.81.6-15"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.79-22","repositories":{"stretch":"1.81.6-13"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.79-22","repositories":{"jessie":"1.81.6-11"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.79-22","repositories":{"sid":"1.81.6-15"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-16023":{"scope":"remote","description":"Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.2.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.2.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4114":{"debianbug":650706,"scope":"local","description":"The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program.  NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.","releases":{"buster":{"fixed_version":"1.012-1","repositories":{"buster":"1.047-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.012-1","repositories":{"stretch":"1.036-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.012-1","repositories":{"jessie":"1.022-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.012-1","repositories":{"sid":"1.047-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.0b.1-32"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.0b.1-31"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0b.1-29"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.0b.1-32"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4866":{"debianbug":504977,"scope":"remote","description":"Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.3.4-2.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.3.4-2.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4867":{"debianbug":504977,"scope":"remote","description":"Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.3.4-2.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.3.4-2.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4868":{"scope":"remote","description":"Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free \"on random pointers.\"","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.3.4-2.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.3.4-2.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4869":{"debianbug":504977,"scope":"remote","description":"FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a \"Tcp/udp memory leak.\"","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.3.4-2.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.3.4-2.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.3.4+dfsg0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1253":{"debianbug":848132,"scope":"remote","description":"The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.","releases":{"buster":{"fixed_version":"5.0.0a-3","repositories":{"buster":"5.0.0a-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.0.0a-3","repositories":{"stretch":"5.0.0a-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.0.0a-2.3+deb8u1","repositories":{"jessie":"5.0.0a-2.3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.0.0a-3","repositories":{"sid":"5.0.0a-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-6369":{"debianbug":858641,"scope":"remote","description":"Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.","releases":{"buster":{"fixed_version":"3.0.1.32609.ds4-14","repositories":{"buster":"3.0.5.33100.ds4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.1.32609.ds4-14","repositories":{"stretch":"3.0.1.32609.ds4-14"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.1.32609.ds4-14","repositories":{"sid":"3.0.5.33100.ds4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11509":{"scope":"remote","description":"An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.","releases":{"buster":{"fixed_version":"3.0.3.32900.ds4-3","repositories":{"buster":"3.0.5.33100.ds4-2"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed along in a future update","repositories":{"stretch":"3.0.1.32609.ds4-14"},"urgency":"high**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"3.0.3.32900.ds4-3","repositories":{"sid":"3.0.5.33100.ds4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7208":{"scope":"local","description":"GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.","releases":{"buster":{"fixed_version":"0.16.1-1","repositories":{"buster":"0.32.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.16.1-1","repositories":{"stretch":"0.25.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.16.1-1","repositories":{"jessie":"0.19.0-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.16.1-1","repositories":{"sid":"0.32.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2739":{"debianbug":426103,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"0.2.5-1","repositories":{"buster":"0.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.2.5-1","repositories":{"jessie":"0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.2.5-1","repositories":{"sid":"0.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2740":{"debianbug":426103,"scope":"remote","description":"Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.","releases":{"buster":{"fixed_version":"0.2.5-1","repositories":{"buster":"0.5-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.2.5-1","repositories":{"jessie":"0.5-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.2.5-1","repositories":{"sid":"0.5-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5827":{"debianbug":448873,"scope":"local","description":"iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.","releases":{"jessie":{"fixed_version":"0.4.15-5","repositories":{"jessie":"1.4.20.3+svn502-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-2221":{"scope":"remote","description":"Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.","releases":{"jessie":{"fixed_version":"1.4.20.1-1","repositories":{"jessie":"1.4.20.3+svn502-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0743":{"debianbug":574935,"scope":"remote","description":"Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.","releases":{"jessie":{"fixed_version":"0.4.17+svn229-1.4","repositories":{"jessie":"1.4.20.3+svn502-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-5005":{"scope":"remote","description":"Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-1066":{"scope":"local","description":"Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-1903":{"scope":"remote","description":"Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5514":{"debianbug":510918,"scope":"remote","description":"Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.02-3.1","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.02-3.1","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.02-3.1","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.02-3.1","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0720":{"scope":"remote","description":"Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0721":{"scope":"remote","description":"Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0297":{"scope":"remote","description":"c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2933":{"debianbug":332215,"scope":"remote","description":"Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (\") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.20+dfsg1-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.11+dfsg1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.21+dfsg1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8378":{"debianbug":791858,"scope":"remote","description":"In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.","releases":{"buster":{"fixed_version":"0.4.3+dfsg-1","repositories":{"buster":"2.0.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4.3+dfsg-1","repositories":{"stretch":"2.0.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4.3+dfsg-0.1+deb8u1","repositories":{"jessie":"0.4.3+dfsg-0.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4.3+dfsg-1","repositories":{"sid":"2.0.3-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2465":{"debianbug":368207,"scope":"remote","description":"Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument.  NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.","releases":{"buster":{"fixed_version":"0.8.4-9.1","repositories":{"buster":"0.8.5a-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.4-9.1","repositories":{"stretch":"0.8.5a-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.4-9.1","repositories":{"jessie":"0.8.5a-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.4-9.1","repositories":{"sid":"0.8.5a-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8856":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.","releases":{"buster":{"fixed_version":"1.9.1-1","repositories":{"buster":"1.9.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1.4.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.0-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.9.1-1","repositories":{"sid":"1.9.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-6792":{"debianbug":527952,"scope":"remote","description":"system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by \"Users and Groups\" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.","releases":{"buster":{"fixed_version":"2.6.0-6.1","repositories":{"buster":"2.10.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.0-6.1","repositories":{"stretch":"2.10.2-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.0-6.1","repositories":{"jessie":"2.10.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.0-6.1","repositories":{"sid":"2.10.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6459":{"debianbug":733209,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.","releases":{"buster":{"fixed_version":"3.0.5-1","repositories":{"buster":"3.1.6-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.5-1","repositories":{"stretch":"3.1.5-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0.5-1","repositories":{"jessie":"3.0.5-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0.5-1","repositories":{"sid":"3.1.6-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1000838":{"scope":"remote","description":"autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.24-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.24-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.24-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.24-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0898":{"scope":"remote","description":"Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.","releases":{"buster":{"fixed_version":"2.17-1","repositories":{"buster":"2.33-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.17-1","repositories":{"stretch":"2.33-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.17-1","repositories":{"jessie":"2.33-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.17-1","repositories":{"sid":"2.33-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-1951":{"scope":"remote","description":"lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.","releases":{"buster":{"fixed_version":"3.2.4-1","repositories":{"buster":"3.19.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.2.4-1","repositories":{"stretch":"3.8.1-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.2.4-1","repositories":{"jessie":"3.5.6-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.2.4-1","repositories":{"sid":"3.19.1-4"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-0999A8":{"releases":{"buster":{"fixed_version":"2.0rc1-2","repositories":{"buster":"3.19.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0rc1-2","repositories":{"stretch":"3.8.1-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0rc1-2","repositories":{"jessie":"3.5.6-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0rc1-2","repositories":{"sid":"3.19.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1200":{"scope":"remote","description":"Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"1.5.21-1","repositories":{"buster":"3.19.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.5.21-1","repositories":{"stretch":"3.8.1-10"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.5.21-1","repositories":{"jessie":"3.5.6-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.5.21-1","repositories":{"sid":"3.19.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-6437":{"debianbug":457334,"scope":"remote","description":"Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"2.0.6-1","repositories":{"buster":"3.19.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.6-1","repositories":{"stretch":"3.8.1-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.6-1","repositories":{"jessie":"3.5.6-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.6-1","repositories":{"sid":"3.19.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0343":{"debianbug":608491,"scope":"local","description":"Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.","releases":{"buster":{"fixed_version":"3.1.3-2","repositories":{"buster":"3.19.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.3-2","repositories":{"stretch":"3.8.1-10"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.3-2","repositories":{"jessie":"3.5.6-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.3-2","repositories":{"sid":"3.19.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5110":{"debianbug":505791,"scope":"remote","description":"syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail.  NOTE: this is only a vulnerability when a separate vulnerability is present.","releases":{"buster":{"fixed_version":"2.0.9-4.1","repositories":{"buster":"3.19.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.9-4.1","repositories":{"stretch":"3.8.1-10"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.9-4.1","repositories":{"jessie":"3.5.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.9-4.1","repositories":{"sid":"3.19.1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-7D3048":{"releases":{"buster":{"fixed_version":"1.6.5-2.1","repositories":{"buster":"3.19.1-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.6.5-2.1","repositories":{"stretch":"3.8.1-10"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.6.5-2.1","repositories":{"jessie":"3.5.6-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.6.5-2.1","repositories":{"sid":"3.19.1-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-2660":{"scope":"local","description":"apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.","releases":{"buster":{"fixed_version":"0.12.5-3","repositories":{"buster":"0.18.4-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.12.5-3","repositories":{"stretch":"0.12.6-18"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.12.5-3","repositories":{"jessie":"0.12.6-16"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.12.5-3","repositories":{"sid":"0.18.4-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-3364":{"debianbug":598296,"scope":"local","description":"The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"7.14.5-2","repositories":{"buster":"8.7.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7.14.5-2","repositories":{"stretch":"8.4.5-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"7.14.5-2","repositories":{"jessie":"7.40.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.14.5-2","repositories":{"sid":"8.7.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6976":{"scope":"remote","description":"libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.","releases":{"buster":{"fixed_version":"8.7.4-1","repositories":{"buster":"8.7.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.4.5-1+deb9u1","repositories":{"stretch":"8.4.5-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor Issue","repositories":{"jessie":"7.40.6-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"8.7.4-1","repositories":{"sid":"8.7.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7998":{"debianbug":892589,"scope":"remote","description":"In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.","releases":{"buster":{"fixed_version":"8.4.5-2","repositories":{"buster":"8.7.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.4.5-1+deb9u1","repositories":{"stretch":"8.4.5-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"7.40.6-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"8.4.5-2","repositories":{"sid":"8.7.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0156":{"scope":"remote","description":"Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.","releases":{"stretch":{"fixed_version":"2.60.7","repositories":{"stretch":"2.64-8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.60.7","repositories":{"jessie":"2.64-8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.60.7","repositories":{"sid":"2.64-8"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0369542-32FFCA":{"debianbug":369542,"releases":{"stretch":{"fixed_version":"2.61-10.1","repositories":{"stretch":"2.64-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.61-10.1","repositories":{"jessie":"2.64-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.61-10.1","repositories":{"sid":"2.64-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-7258":{"debianbug":591515,"scope":"local","description":"** DISPUTED **  The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character.  NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact.","releases":{"stretch":{"repositories":{"stretch":"2.64-8"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.64-8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.64-8"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-0423":{"scope":"local","description":"The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.","releases":{"stretch":{"repositories":{"stretch":"2.64-8"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.64-8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.64-8"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-3962":{"debianbug":498366,"scope":"remote","description":"The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.","releases":{"stretch":{"fixed_version":"2.62-1.1","repositories":{"stretch":"2.64-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.62-1.1","repositories":{"jessie":"2.64-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.62-1.1","repositories":{"sid":"2.64-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-5271":{"debianbug":633964,"releases":{"buster":{"fixed_version":"1.1.6-1","repositories":{"buster":"2.0.1-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.1.6-1","repositories":{"stretch":"1.1.16-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.6-1","repositories":{"sid":"2.0.1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1867":{"scope":"remote","description":"Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.1-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.16-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16877":{"debianbug":927714,"scope":"local","description":"A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.","releases":{"buster":{"fixed_version":"2.0.1-3","repositories":{"buster":"2.0.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch":"1.1.16-1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2.0.1-3","repositories":{"sid":"2.0.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0281":{"debianbug":700923,"scope":"remote","description":"Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking).","releases":{"buster":{"fixed_version":"1.1.10-1","repositories":{"buster":"2.0.1-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.10-1","repositories":{"stretch":"1.1.16-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.10-1","repositories":{"sid":"2.0.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16878":{"debianbug":927714,"scope":"local","description":"A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS","releases":{"buster":{"fixed_version":"2.0.1-3","repositories":{"buster":"2.0.1-4"},"urgency":"low**","status":"resolved"},"stretch":{"repositories":{"stretch":"1.1.16-1"},"urgency":"low**","status":"open"},"sid":{"fixed_version":"2.0.1-3","repositories":{"sid":"2.0.1-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-7797":{"scope":"remote","description":"Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.","releases":{"buster":{"fixed_version":"1.1.15~rc3-1","repositories":{"buster":"2.0.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.15~rc3-1","repositories":{"stretch":"1.1.16-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.15~rc3-1","repositories":{"sid":"2.0.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7035":{"debianbug":843041,"scope":"local","description":"An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.","releases":{"buster":{"fixed_version":"1.1.15-3","repositories":{"buster":"2.0.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.15-3","repositories":{"stretch":"1.1.16-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.15-3","repositories":{"sid":"2.0.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-3885":{"debianbug":927714,"scope":"remote","description":"A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.","releases":{"buster":{"fixed_version":"2.0.1-3","repositories":{"buster":"2.0.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch":"1.1.16-1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2.0.1-3","repositories":{"sid":"2.0.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0027":{"debianbug":734746,"scope":"local","description":"The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.4-release-8","repositories":{"buster":"2.1-release-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4-release-8","repositories":{"stretch":"2.0.0-release-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4-release-8","repositories":{"jessie":"1.4-release-12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4-release-8","repositories":{"sid":"2.1-release-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-2518":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.","releases":{"buster":{"fixed_version":"3.15.2-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.15.2-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u4","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.15.2-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-2519":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.","releases":{"buster":{"fixed_version":"3.16.0-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.16.0-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u4","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.16.0-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20346":{"scope":"remote","description":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.","releases":{"buster":{"fixed_version":"3.25.3-1","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u3","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.25.3-1","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0566326-9A899F":{"debianbug":566326,"releases":{"buster":{"fixed_version":"3.6.21-1","repositories":{"buster":"3.27.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.6.21-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.6.21-1","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.6.21-1","repositories":{"sid":"3.27.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20505":{"scope":"remote","description":"SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).","releases":{"buster":{"fixed_version":"3.25.3-1","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.25.3-1","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7443":{"scope":"remote","description":"Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.","releases":{"buster":{"fixed_version":"3.8.3-1","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.8.3-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.8.3-1","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.8.3-1","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15286":{"debianbug":878680,"scope":"remote","description":"SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.","releases":{"buster":{"fixed_version":"3.20.1-2","repositories":{"buster":"3.27.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.20.1-2","repositories":{"sid":"3.27.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9936":{"debianbug":925289,"scope":"remote","description":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.","releases":{"buster":{"fixed_version":"3.27.2-2","repositories":{"buster":"3.27.2-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.27.2-2","repositories":{"sid":"3.27.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-2513":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.","releases":{"buster":{"fixed_version":"3.15.2-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.15.2-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.15.2-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-5018":{"debianbug":928770,"scope":"remote","description":"An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.","releases":{"buster":{"repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-6153":{"scope":"local","description":"os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.","releases":{"buster":{"fixed_version":"3.13.0-1","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13.0-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u2","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13.0-1","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13685":{"debianbug":873762,"scope":"remote","description":"The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"3.20.1-1","repositories":{"buster":"3.27.2-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"3.20.1-1","repositories":{"sid":"3.27.2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9937":{"debianbug":925290,"scope":"remote","description":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.","releases":{"buster":{"fixed_version":"3.27.2-2","repositories":{"buster":"3.27.2-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.27.2-2","repositories":{"sid":"3.27.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-2520":{"scope":"remote","description":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.","releases":{"buster":{"fixed_version":"3.16.2-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.16.2-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u4","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.16.2-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10989":{"debianbug":867618,"scope":"remote","description":"The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.","releases":{"buster":{"fixed_version":"3.19.3-3","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.16.2-5+deb9u1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u4","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.19.3-3","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8740":{"debianbug":893195,"scope":"remote","description":"In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.","releases":{"buster":{"fixed_version":"3.22.0-2","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u4","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.22.0-2","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3416":{"debianbug":783968,"scope":"remote","description":"The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.","releases":{"buster":{"fixed_version":"3.8.9-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.8.9-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u1","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.8.9-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20506":{"scope":"remote","description":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.","releases":{"buster":{"fixed_version":"3.25.3-1","repositories":{"buster":"3.27.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.25.3-1","repositories":{"sid":"3.27.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3415":{"debianbug":783968,"scope":"remote","description":"The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.","releases":{"buster":{"fixed_version":"3.8.9-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.8.9-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u1","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.8.9-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3414":{"debianbug":783968,"scope":"remote","description":"SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.","releases":{"buster":{"fixed_version":"3.8.9-1","repositories":{"buster":"3.27.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.8.9-1","repositories":{"stretch":"3.16.2-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.8.7.1-1+deb8u1","repositories":{"jessie":"3.8.7.1-1+deb8u2","jessie-security":"3.8.7.1-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.8.9-1","repositories":{"sid":"3.27.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0421":{"scope":"remote","description":"The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.","releases":{"jessie":{"fixed_version":"1.0.15-5","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3328":{"scope":"remote","description":"The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3048":{"debianbug":667475,"scope":"remote","description":"The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"1.2.49-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3045":{"debianbug":665208,"scope":"remote","description":"Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.","releases":{"jessie":{"fixed_version":"1.2.47-2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2008-1382":{"debianbug":476669,"scope":"remote","description":"libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length \"unknown\" chunks, which trigger an access of uninitialized memory.","releases":{"jessie":{"fixed_version":"1.2.26-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3964":{"debianbug":501109,"scope":"remote","description":"Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the png_push_read_zTXt function in pngread.c, and possibly related to (2) pngtest.c.","releases":{"jessie":{"fixed_version":"1.2.27-2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14048":{"scope":"remote","description":"An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.","releases":{"jessie":{"repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-0408":{"scope":"remote","description":"pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow.  NOTE: some of these details are obtained from third party information.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8126":{"debianbug":805113,"scope":"remote","description":"Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.","releases":{"jessie":{"fixed_version":"1.2.50-2+deb8u1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-5063":{"scope":"remote","description":"Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.  NOTE: this is due to an incomplete fix for CVE-2006-7244.","releases":{"jessie":{"fixed_version":"1.2.39-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5907":{"debianbug":512665,"scope":"remote","description":"The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the '\\0' character constant to a NULL pointer.  NOTE: some sources incorrectly report this as a double free vulnerability.","releases":{"jessie":{"fixed_version":"1.2.35-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0597":{"scope":"remote","description":"Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.","releases":{"jessie":{"fixed_version":"1.0.15-6","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3425":{"debianbug":668082,"scope":"remote","description":"The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.","releases":{"jessie":{"fixed_version":"1.2.49-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0599":{"scope":"remote","description":"Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.","releases":{"jessie":{"fixed_version":"1.0.15-6","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0598":{"scope":"remote","description":"The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.","releases":{"jessie":{"fixed_version":"1.0.15-6","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7244":{"scope":"remote","description":"Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.","releases":{"jessie":{"fixed_version":"1.2.39-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7354":{"scope":"remote","description":"Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7353":{"scope":"remote","description":"Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3334":{"debianbug":377298,"scope":"remote","description":"Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to \"chunk error processing,\" possibly involving the \"chunk_name\".","releases":{"jessie":{"fixed_version":"1.2.8rel-5.2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-5793":{"debianbug":398706,"scope":"remote","description":"The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.","releases":{"jessie":{"fixed_version":"1.2.13-0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0728":{"scope":"remote","description":"Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.","releases":{"jessie":{"fixed_version":"1.0.12-4","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8472":{"debianbug":807112,"scope":"remote","description":"Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.","releases":{"jessie":{"fixed_version":"1.2.50-2+deb8u2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0205":{"debianbug":572308,"scope":"remote","description":"The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack.","releases":{"jessie":{"fixed_version":"1.2.43-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7981":{"debianbug":803078,"scope":"remote","description":"The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.","releases":{"jessie":{"fixed_version":"1.2.50-2+deb8u1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2042":{"debianbug":533676,"scope":"remote","description":"libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via \"out-of-bounds pixels\" in the file.","releases":{"jessie":{"fixed_version":"1.2.37-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2445":{"scope":"remote","description":"The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.","releases":{"jessie":{"fixed_version":"1.2.15~beta5-2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-6218":{"scope":"remote","description":"Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.","releases":{"jessie":{"fixed_version":"1.2.33-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3026":{"debianbug":660026,"scope":"remote","description":"Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.","releases":{"jessie":{"fixed_version":"1.2.46-5","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2011-2692":{"debianbug":633871,"scope":"remote","description":"The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.","releases":{"jessie":{"fixed_version":"1.2.46-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0768":{"scope":"remote","description":"libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.","releases":{"jessie":{"fixed_version":"1.0.15-6","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2691":{"debianbug":633871,"scope":"remote","description":"The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.","releases":{"jessie":{"fixed_version":"1.2.46-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-0333":{"scope":"remote","description":"The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10087":{"debianbug":849799,"scope":"remote","description":"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.","releases":{"jessie":{"fixed_version":"1.2.50-2+deb8u3","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3464":{"scope":"remote","description":"Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6954":{"scope":"remote","description":"The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2690":{"debianbug":633871,"scope":"remote","description":"Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.","releases":{"jessie":{"fixed_version":"1.2.46-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2015-8540":{"debianbug":807694,"scope":"remote","description":"Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.","releases":{"jessie":{"fixed_version":"1.2.50-2+deb8u2","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1363":{"scope":"remote","description":"Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.","releases":{"jessie":{"fixed_version":"1.0.12-7","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1205":{"debianbug":587670,"scope":"remote","description":"Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.","releases":{"jessie":{"fixed_version":"1.2.44-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2501":{"debianbug":632786,"scope":"remote","description":"The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data.  NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.","releases":{"jessie":{"fixed_version":"1.2.44-3","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6129":{"scope":"remote","description":"** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated \"I don't think it is libpng's job to free this buffer.\"","releases":{"jessie":{"repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9495":{"debianbug":773823,"scope":"remote","description":"Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0481":{"debianbug":352902,"scope":"remote","description":"Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.","releases":{"jessie":{"fixed_version":"1.2.8rel-3","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5268":{"scope":"remote","description":"pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5269":{"debianbug":446308,"scope":"remote","description":"Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.","releases":{"jessie":{"fixed_version":"1.2.15~beta5-3","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0973":{"debianbug":773823,"scope":"remote","description":"Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-0660":{"scope":"remote","description":"Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.","releases":{"jessie":{"fixed_version":"1.0.12-4","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0040":{"debianbug":516256,"scope":"remote","description":"The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.","releases":{"jessie":{"fixed_version":"1.2.35-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2249":{"debianbug":587670,"scope":"remote","description":"Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.","releases":{"jessie":{"fixed_version":"1.2.44-1","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14550":{"releases":{"jessie":{"repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-5266":{"scope":"remote","description":"Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5267":{"scope":"remote","description":"Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.50-2+deb8u3","jessie-security":"1.2.50-2+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-1541B5":{"releases":{"buster":{"fixed_version":"2:1.2492-4","repositories":{"buster":"2:1.24992-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2:1.2492-4","repositories":{"stretch":"2:1.2499-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2:1.2492-4","repositories":{"jessie":"2:1.2492-4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:1.2492-4","repositories":{"sid":"2:1.24992-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-2124":{"debianbug":710290,"scope":"remote","description":"Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.","releases":{"buster":{"fixed_version":"1:1.20.8-1","repositories":{"buster":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.20.8-1","repositories":{"stretch":"1:1.34.6-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.20.8-1","repositories":{"jessie":"1:1.28.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.20.8-1","repositories":{"sid":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4127":{"scope":"local","description":"The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.","releases":{"buster":{"fixed_version":"1:1.14.8-1","repositories":{"buster":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.14.8-1","repositories":{"stretch":"1:1.34.6-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.14.8-1","repositories":{"jessie":"1:1.28.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.14.8-1","repositories":{"sid":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4419":{"scope":"remote","description":"The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.","releases":{"buster":{"fixed_version":"1:1.22.7-1","repositories":{"buster":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.22.7-1","repositories":{"stretch":"1:1.34.6-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.22.7-1","repositories":{"jessie":"1:1.28.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.22.7-1","repositories":{"sid":"1:1.40.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2690":{"scope":"local","description":"virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.","releases":{"buster":{"fixed_version":"1:1.18.0-1","repositories":{"buster":"1:1.40.2-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:1.18.0-1","repositories":{"stretch":"1:1.34.6-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.18.0-1","repositories":{"jessie":"1:1.28.1-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:1.18.0-1","repositories":{"sid":"1:1.40.2-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-1113":{"scope":"remote","description":"SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.","releases":{"buster":{"fixed_version":"1.2.0","repositories":{"buster":"1:1.8.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.0","repositories":{"stretch":"1:1.8.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.0","repositories":{"jessie":"1:1.8.0-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.0","repositories":{"sid":"1:1.8.0-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0607494-376E2E":{"debianbug":607494,"releases":{"buster":{"fixed_version":"0.6.7-3","repositories":{"buster":"0.6.7-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.6.7-3","repositories":{"stretch":"0.6.7-3.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.6.7-3","repositories":{"jessie":"0.6.7-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.6.7-3","repositories":{"sid":"0.6.7-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-7398":{"scope":"remote","description":"main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.6.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.5-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.6.5-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.6.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14063":{"scope":"remote","description":"Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.6.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.5-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.6.5-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.6.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7397":{"scope":"remote","description":"Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.","releases":{"buster":{"fixed_version":"1.6.5-3","repositories":{"buster":"2.6.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.5-3","repositories":{"stretch":"1.6.5-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.5-3","repositories":{"jessie":"1.6.5-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.5-3","repositories":{"sid":"2.6.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-07A77D":{"releases":{"buster":{"repositories":{"buster":"1.0.12-0.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.12-0.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.0.11-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.0.12-0.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-8980":{"debianbug":851770,"releases":{"buster":{"fixed_version":"1.0.12-0.1","repositories":{"buster":"1.0.12-0.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.12-0.1","repositories":{"stretch":"1.0.12-0.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.11-1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.12-0.1","repositories":{"sid":"1.0.12-0.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-6175":{"debianbug":851771,"scope":"remote","description":"Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1.0.12-0.1"},"urgency":"high**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.12-0.1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.11-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.0.12-0.1"},"urgency":"high**","status":"open"}}}}
{"CVE-2015-4155":{"debianbug":787954,"scope":"local","description":"GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"20161222-1","repositories":{"buster":"20161222-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"20161222-1","repositories":{"stretch":"20161222-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"20130922-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"20161222-1","repositories":{"sid":"20161222-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4156":{"debianbug":787954,"scope":"local","description":"GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"20161222-1","repositories":{"buster":"20161222-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"20161222-1","repositories":{"stretch":"20161222-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"20130922-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"20161222-1","repositories":{"sid":"20161222-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-8921":{"debianbug":862689,"scope":"remote","description":"In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.","releases":{"buster":{"fixed_version":"1:2016.4.4+dfsg-3","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2016.4.4+dfsg-3","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.0-5+deb8u2","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2016.4.4+dfsg-3","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13709":{"debianbug":873439,"scope":"remote","description":"In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.","releases":{"buster":{"fixed_version":"1:2017.2.1+dfsg-4","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2016.4.4+dfsg-3+deb9u1","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.0-5+deb8u3","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2017.2.1+dfsg-4","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9956":{"debianbug":848114,"scope":"remote","description":"The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.","releases":{"buster":{"fixed_version":"1:2016.4.3+dfsg-1","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2016.4.3+dfsg-1","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.0-5+deb8u1","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2016.4.3+dfsg-1","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2090":{"debianbug":669024,"scope":"remote","description":"Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.","releases":{"buster":{"fixed_version":"2.6.0-1.1","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.6.0-1.1","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.6.0-1.1","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.6.0-1.1","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2091":{"debianbug":669024,"scope":"remote","description":"Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.","releases":{"buster":{"fixed_version":"2.6.0-1.1","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.6.0-1.1","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.6.0-1.1","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.6.0-1.1","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0780712-D0DD02":{"debianbug":780712,"releases":{"buster":{"fixed_version":"3.0.0-5","repositories":{"buster":"1:2018.3.2+dfsg-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.0.0-5","repositories":{"stretch":"1:2016.4.4+dfsg-3+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.0.0-5","repositories":{"jessie":"3.0.0-5+deb8u3","jessie-security":"3.0.0-5+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.0.0-5","repositories":{"sid":"1:2018.3.2+dfsg-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-1444":{"debianbug":413658,"scope":"local","description":"netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.","releases":{"stretch":{"fixed_version":"2.4.3-8","repositories":{"stretch":"2.6.0-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.4.3-8","repositories":{"jessie":"2.6.0-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.4.3-8","repositories":{"sid":"2.6.0-2.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-0816":{"debianbug":926043,"scope":"local","description":"A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.","releases":{"buster":{"fixed_version":"18.3-6","repositories":{"buster":"18.3-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Doesn't affect default provisioning for Azure, only limited use cases","repositories":{"stretch":"0.7.9-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.6~bzr976-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"18.3-6","repositories":{"sid":"18.3-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-6639":{"releases":{"buster":{"fixed_version":"0.7.1-1","repositories":{"buster":"18.3-6"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.7.1-1","repositories":{"stretch":"0.7.9-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.7.1-1","repositories":{"jessie":"0.7.6~bzr976-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.7.1-1","repositories":{"sid":"18.3-6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000221":{"scope":"remote","description":"pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.6.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.9.12-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.7-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.6.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4350":{"debianbug":650009,"releases":{"buster":{"fixed_version":"1.91-2","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.91-2","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.91-2","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.91-2","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2009-0751":{"scope":"remote","description":"Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.","releases":{"buster":{"fixed_version":"1.80-1","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.80-1","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.80-1","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.80-1","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1000108":{"debianbug":832433,"releases":{"buster":{"fixed_version":"2.0.3-2","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.3-2","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.98-4+deb8u1","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.3-2","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2009-4495":{"scope":"remote","description":"Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.","releases":{"buster":{"repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-10974":{"scope":"remote","description":"Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.","releases":{"buster":{"fixed_version":"1.91-2","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.91-2","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.91-2","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.91-2","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4181":{"scope":"remote","description":"Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\\ (dot dot backslash) and other sequences.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2008":{"scope":"remote","description":"Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).","releases":{"buster":{"fixed_version":"1.56-1","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.56-1","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.56-1","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.56-1","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-5025":{"debianbug":653966,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.","releases":{"buster":{"fixed_version":"1.92-1","repositories":{"buster":"2.0.6+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.92-1","repositories":{"stretch":"2.0.4+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.92-1","repositories":{"jessie":"1.98-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.92-1","repositories":{"sid":"2.0.6+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4191":{"debianbug":496431,"scope":"local","description":"extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.","releases":{"buster":{"fixed_version":"28.0-2","repositories":{"buster":"49.0+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"28.0-2","repositories":{"stretch":"45.0+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"28.0-2","repositories":{"jessie":"40.0+dfsg-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"28.0-2","repositories":{"sid":"49.0+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2529":{"scope":"remote","description":"Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.","releases":{"buster":{"fixed_version":"3:20100418-2","repositories":{"buster":"3:20180629-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3:20100418-2","repositories":{"stretch":"3:20161105-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3:20100418-2","repositories":{"jessie":"3:20121221-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3:20100418-2","repositories":{"sid":"3:20180629-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1431":{"debianbug":652378,"scope":"remote","description":"The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.06-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.06-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.06-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.06-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2001":{"scope":"remote","description":"Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.","releases":{"buster":{"fixed_version":"1:1.1.2-1+deb7u1","repositories":{"buster":"1:1.1.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.1.2-1+deb7u1","repositories":{"stretch":"1:1.1.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.1.2-1+deb7u1","repositories":{"jessie":"1:1.1.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.1.2-1+deb7u1","repositories":{"sid":"1:1.1.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4987":{"debianbug":496383,"scope":"local","description":"xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.","releases":{"buster":{"fixed_version":"1.9.2-1.1","repositories":{"buster":"2.1.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1.1","repositories":{"stretch":"2.0.8-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.9.2-1.1","repositories":{"jessie":"2.0.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.9.2-1.1","repositories":{"sid":"2.1.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4974":{"debianbug":443386,"scope":"remote","description":"Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.","releases":{"buster":{"fixed_version":"1:2.1-1.1","repositories":{"buster":"1:5.12.0-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:2.1-1.1","repositories":{"stretch":"1:5.5.0~dfsg-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:2.1-1.1","repositories":{"jessie":"1:2.8.16+git20131003+dfsg1-1~deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:2.1-1.1","repositories":{"sid":"1:5.12.0-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-3349":{"debianbug":598282,"scope":"local","description":"Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"1:2.8.11-2","repositories":{"buster":"1:5.12.0-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.8.11-2","repositories":{"stretch":"1:5.5.0~dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.8.11-2","repositories":{"jessie":"1:2.8.16+git20131003+dfsg1-1~deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.8.11-2","repositories":{"sid":"1:5.12.0-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7032":{"debianbug":840014,"scope":"remote","description":"webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an \"ext::sh -c\" attack or an option injection attack.","releases":{"buster":{"fixed_version":"1.20180726","repositories":{"buster":"1.20180726"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.20160123"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.20141024"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.20180726","repositories":{"sid":"1.20180726"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18355":{"scope":"remote","description":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18354":{"scope":"remote","description":"Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18353":{"scope":"remote","description":"Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18352":{"scope":"remote","description":"Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18351":{"scope":"remote","description":"Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18350":{"scope":"remote","description":"Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18349":{"scope":"remote","description":"Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18348":{"scope":"remote","description":"Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18347":{"scope":"remote","description":"Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18346":{"scope":"remote","description":"Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18345":{"scope":"remote","description":"Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5754":{"scope":"remote","description":"Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5755":{"scope":"remote","description":"Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5756":{"scope":"remote","description":"Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5757":{"scope":"remote","description":"An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5758":{"scope":"remote","description":"Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5759":{"scope":"remote","description":"Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18359":{"scope":"remote","description":"Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18358":{"scope":"remote","description":"Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-18357":{"scope":"remote","description":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18356":{"debianbug":818180,"scope":"remote","description":"An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17481":{"scope":"remote","description":"Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17480":{"scope":"remote","description":"Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5764":{"scope":"remote","description":"Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5765":{"scope":"remote","description":"An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5766":{"scope":"remote","description":"Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5800":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5767":{"scope":"remote","description":"Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5760":{"scope":"remote","description":"Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5761":{"scope":"remote","description":"Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5762":{"scope":"remote","description":"Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5763":{"scope":"remote","description":"Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5805":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5806":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5807":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5808":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5801":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5768":{"scope":"remote","description":"DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5802":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5769":{"scope":"remote","description":"Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5803":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5804":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5809":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-18344":{"scope":"remote","description":"Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18343":{"scope":"remote","description":"Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18342":{"scope":"remote","description":"Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5770":{"scope":"remote","description":"Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18341":{"scope":"remote","description":"An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18340":{"scope":"remote","description":"Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5775":{"scope":"remote","description":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5776":{"scope":"remote","description":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5777":{"scope":"remote","description":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5810":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5778":{"scope":"remote","description":"A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5811":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5771":{"scope":"remote","description":"An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5772":{"scope":"remote","description":"Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5773":{"scope":"remote","description":"Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5774":{"scope":"remote","description":"Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5816":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5817":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5818":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5819":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5779":{"scope":"remote","description":"Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5812":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5813":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5814":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5815":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-18339":{"scope":"remote","description":"Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18338":{"scope":"remote","description":"Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18337":{"scope":"remote","description":"Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18336":{"scope":"remote","description":"Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18335":{"debianbug":818180,"scope":"remote","description":"Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5780":{"scope":"local","description":"Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5781":{"scope":"remote","description":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5786":{"releases":{"buster":{"fixed_version":"72.0.3626.121-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.122-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"72.0.3626.121-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20073":{"releases":{"buster":{"nodsa":"Wait until fixed upstream","repositories":{"buster":"73.0.3683.75-1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"stretch":{"nodsa":"Wait until fixed upstream","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"repositories":{"sid":"74.0.3729.108-1"},"urgency":"low","status":"open"}}}}
{"CVE-2019-5787":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5820":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5788":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5821":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5789":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5822":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5782":{"scope":"remote","description":"Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5783":{"scope":"remote","description":"Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.","releases":{"buster":{"fixed_version":"72.0.3626.81-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"72.0.3626.81-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5784":{"releases":{"buster":{"fixed_version":"72.0.3626.109-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"72.0.3626.96-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"72.0.3626.109-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5827":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2019-5823":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"74.0.3729.108-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5824":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2019-5825":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2019-5826":{"releases":{"buster":{"repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2019-5790":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20069":{"scope":"remote","description":"Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"73.0.3683.75-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"74.0.3729.108-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5791":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5792":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20346":{"scope":"remote","description":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5797":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5798":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5799":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20066":{"scope":"remote","description":"Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5793":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5794":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20065":{"scope":"remote","description":"Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5795":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20068":{"scope":"remote","description":"Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5796":{"releases":{"buster":{"fixed_version":"73.0.3683.75-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"73.0.3683.75-1~deb9u1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"73.0.3683.75-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20067":{"scope":"remote","description":"A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20070":{"scope":"remote","description":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","releases":{"buster":{"fixed_version":"71.0.3578.80-1","repositories":{"buster":"73.0.3683.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"71.0.3578.80-1","repositories":{"stretch-security":"73.0.3683.75-1~deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"71.0.3578.80-1","repositories":{"sid":"74.0.3729.108-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0031":{"scope":"remote","description":"Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).","releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.8-3.4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.5-1","repositories":{"stretch":"2.5.8-3.3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.5-1","repositories":{"jessie":"2.5.8-3.3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.8-3.4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.5.8-3.4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.5.8-3.3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.8-3.3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.5.8-3.4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0032":{"scope":"remote","description":"Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.","releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.8-3.4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.5-1","repositories":{"stretch":"2.5.8-3.3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.5-1","repositories":{"jessie":"2.5.8-3.3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.8-3.4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3137":{"debianbug":746322,"scope":"remote","description":"Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.","releases":{"buster":{"fixed_version":"0.12.6-1","repositories":{"buster":"0.12.15-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.12.6-1","repositories":{"stretch":"0.12.13-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.12.6-1","repositories":{"jessie":"0.12.7-1+deb8u2","jessie-security":"0.12.7-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.12.6-1","repositories":{"sid":"0.12.15-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9964":{"debianbug":848392,"scope":"remote","description":"redirect() in bottle.py in bottle 0.12.10 doesn't filter a \"\\r\\n\" sequence, which leads to a CRLF attack, as demonstrated by a redirect(\"233\\r\\nSet-Cookie: name=salt\") call.","releases":{"buster":{"fixed_version":"0.12.11-1","repositories":{"buster":"0.12.15-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.12.11-1","repositories":{"stretch":"0.12.13-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.12.7-1+deb8u1","repositories":{"jessie":"0.12.7-1+deb8u2","jessie-security":"0.12.7-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.12.11-1","repositories":{"sid":"0.12.15-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3124":{"scope":"remote","description":"Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.","releases":{"buster":{"fixed_version":"1.61.25-2","repositories":{"buster":"1.64.6-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.61.25-2","repositories":{"stretch":"1.64.6-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.61.25-2","repositories":{"jessie":"1.64.6-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.61.25-2","repositories":{"sid":"1.64.6-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4337":{"scope":"remote","description":"Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.","releases":{"buster":{"fixed_version":"1.62.2-1","repositories":{"buster":"1.64.6-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.62.2-1","repositories":{"stretch":"1.64.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.62.2-1","repositories":{"jessie":"1.64.6-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.62.2-1","repositories":{"sid":"1.64.6-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4829":{"debianbug":506377,"scope":"remote","description":"Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long \"Zwitterion v\" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.","releases":{"buster":{"fixed_version":"1.63.5-2","repositories":{"buster":"1.64.6-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.63.5-2","repositories":{"stretch":"1.64.6-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.63.5-2","repositories":{"jessie":"1.64.6-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.63.5-2","repositories":{"sid":"1.64.6-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2910":{"debianbug":638198,"releases":{"buster":{"fixed_version":"0.0.8-13.2","repositories":{"buster":"0.0.10-rc4-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.0.8-13.2","repositories":{"stretch":"0.0.10-rc4-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.0.8-13.2","repositories":{"jessie":"0.0.10-rc2+cvs20120204-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.0.8-13.2","repositories":{"sid":"0.0.10-rc4-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0016":{"scope":"local","description":"Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code.","releases":{"buster":{"fixed_version":"0.0.5-15","repositories":{"buster":"0.0.5-19"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.0.5-15","repositories":{"stretch":"0.0.5-19"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.0.5-15","repositories":{"jessie":"0.0.5-19"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.0.5-15","repositories":{"sid":"0.0.5-19"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0395":{"scope":"local","description":"The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.","releases":{"buster":{"fixed_version":"0.0.5-12","repositories":{"buster":"0.0.5-19"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.0.5-12","repositories":{"stretch":"0.0.5-19"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.0.5-12","repositories":{"jessie":"0.0.5-19"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.0.5-12","repositories":{"sid":"0.0.5-19"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1441":{"scope":"remote","description":"econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file.","releases":{"buster":{"fixed_version":"0.8.9-2","repositories":{"buster":"1.0.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.9-2","repositories":{"stretch":"0.9.1-16"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.9-2","repositories":{"jessie":"0.8.9-7+deb8u2","jessie-security":"0.8.9-7+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.9-2","repositories":{"sid":"1.0.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8366":{"debianbug":806809,"releases":{"buster":{"fixed_version":"0.9.1-13","repositories":{"buster":"1.0.2-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.9.1-13","repositories":{"stretch":"0.9.1-16"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.8.9-7+deb8u2","repositories":{"jessie":"0.8.9-7+deb8u2","jessie-security":"0.8.9-7+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.1-13","repositories":{"sid":"1.0.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-8367":{"debianbug":806809,"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.0.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.9.1-16"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.9-7+deb8u2","jessie-security":"0.8.9-7+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.0.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3885":{"debianbug":785019,"scope":"remote","description":"Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.","releases":{"buster":{"fixed_version":"0.9.1-5","repositories":{"buster":"1.0.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.1-5","repositories":{"stretch":"0.9.1-16"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.9-7+deb8u1","repositories":{"jessie":"0.8.9-7+deb8u2","jessie-security":"0.8.9-7+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.1-5","repositories":{"sid":"1.0.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1438":{"debianbug":721231,"scope":"remote","description":"Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.","releases":{"buster":{"fixed_version":"0.8.9-1","repositories":{"buster":"1.0.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.9-1","repositories":{"stretch":"0.9.1-16"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.9-1","repositories":{"jessie":"0.8.9-7+deb8u2","jessie-security":"0.8.9-7+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.9-1","repositories":{"sid":"1.0.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12197":{"debianbug":879001,"scope":"remote","description":"It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.","releases":{"stretch":{"fixed_version":"1.4-2+deb9u1","repositories":{"stretch-security":"1.4-2+deb9u1","stretch":"1.4-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4-2+deb8u1","repositories":{"jessie":"1.4-2+deb8u1","jessie-security":"1.4-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9765":{"scope":"remote","description":"Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.","releases":{"buster":{"fixed_version":"1.0.1+git20150806.c6bd9bd-2","repositories":{"buster":"1.0.1+git20150806.c6bd9bd-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1+git20150806.c6bd9bd-2","repositories":{"sid":"1.0.1+git20150806.c6bd9bd-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7659":{"scope":"remote","description":"Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.","releases":{"buster":{"fixed_version":"1.0.1+git20150806.c6bd9bd-2","repositories":{"buster":"1.0.1+git20150806.c6bd9bd-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1+git20150806.c6bd9bd-2","repositories":{"sid":"1.0.1+git20150806.c6bd9bd-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1759":{"scope":"local","description":"Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.","releases":{"buster":{"fixed_version":"1.0.3-6","repositories":{"buster":"1.2.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.3-6","repositories":{"stretch":"1.2.0-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.3-6","repositories":{"jessie":"1.1.2-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.3-6","repositories":{"sid":"1.2.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-1751":{"debianbug":311206,"scope":"local","description":"Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.","releases":{"buster":{"fixed_version":"1.0.3-6","repositories":{"buster":"1.2.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.3-6","repositories":{"stretch":"1.2.0-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.3-6","repositories":{"jessie":"1.1.2-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.3-6","repositories":{"sid":"1.2.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2942":{"scope":"remote","description":"The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.","releases":{"buster":{"fixed_version":"1.0.4-7","repositories":{"buster":"1.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.4-7","repositories":{"stretch":"1.2.0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.4-7","repositories":{"jessie":"1.1.2-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.4-7","repositories":{"sid":"1.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19543":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.","releases":{"jessie":{"nodsa":"Code appears to work correctly but wait for more information","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"}}}}
{"CVE-2016-8692":{"debianbug":841111,"scope":"remote","description":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19542":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9583":{"scope":"remote","description":"An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-8693":{"debianbug":841110,"scope":"remote","description":"Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19541":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8690":{"debianbug":841112,"scope":"remote","description":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19540":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9262":{"scope":"remote","description":"Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-8691":{"debianbug":841111,"scope":"remote","description":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3520":{"debianbug":501021,"scope":"remote","description":"Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.","releases":{"jessie":{"fixed_version":"1.900.1-5.1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-3521":{"debianbug":501021,"scope":"local","description":"Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit.  NOTE: this was originally reported as a symlink issue, but this was incorrect.  NOTE: some vendors dispute the severity of this issue, but it satisfies CVE's requirements for inclusion.","releases":{"jessie":{"fixed_version":"1.900.1-5.1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3522":{"debianbug":501021,"scope":"remote","description":"Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.","releases":{"jessie":{"fixed_version":"1.900.1-5.1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-5504":{"scope":"remote","description":"The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5505":{"scope":"remote","description":"The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-8654":{"scope":"remote","description":"A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20570":{"scope":"remote","description":"jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5502":{"scope":"remote","description":"libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5503":{"scope":"remote","description":"The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000050":{"scope":"remote","description":"JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9389":{"scope":"remote","description":"The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9388":{"scope":"remote","description":"The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9387":{"scope":"remote","description":"Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-8158":{"debianbug":775970,"scope":"remote","description":"Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8157":{"debianbug":775970,"scope":"remote","description":"Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1867":{"debianbug":811023,"scope":"remote","description":"The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.","releases":{"jessie":{"nodsa":"Minor issue","fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"resolved"}}}}
{"CVE-2017-5500":{"scope":"remote","description":"libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5501":{"scope":"remote","description":"Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2116":{"debianbug":816626,"scope":"remote","description":"Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19539":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13749":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9782":{"scope":"remote","description":"JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-13747":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-19139":{"scope":"remote","description":"An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.","releases":{"jessie":{"nodsa":"can be fixed later","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"low","nodsa_reason":"postponed","status":"open"}}}}
{"CVE-2017-13748":{"scope":"remote","description":"There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13745":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-13746":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-5203":{"debianbug":796107,"scope":"remote","description":"Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8887":{"scope":"remote","description":"The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-8885":{"scope":"remote","description":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-8886":{"scope":"remote","description":"The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-8883":{"scope":"remote","description":"The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-8884":{"scope":"remote","description":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-8882":{"scope":"remote","description":"The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1577":{"debianbug":816625,"scope":"remote","description":"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8751":{"releases":{"jessie":{"fixed_version":"1.900.1-5.1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-14229":{"scope":"remote","description":"There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-9560":{"scope":"remote","description":"Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2721":{"debianbug":413033,"scope":"remote","description":"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.","releases":{"jessie":{"fixed_version":"1.900.1-6","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-10249":{"scope":"remote","description":"Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u3","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4516":{"debianbug":652649,"scope":"remote","description":"Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.","releases":{"jessie":{"fixed_version":"1.900.1-13","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10248":{"scope":"remote","description":"The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-4517":{"debianbug":652649,"scope":"remote","description":"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.","releases":{"jessie":{"fixed_version":"1.900.1-13","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9600":{"scope":"remote","description":"JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10250":{"scope":"remote","description":"The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6850":{"scope":"remote","description":"The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9029":{"debianbug":772036,"scope":"remote","description":"Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.2","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8138":{"debianbug":773463,"scope":"remote","description":"Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.3","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8137":{"debianbug":773463,"scope":"remote","description":"Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.3","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-9252":{"scope":"remote","description":"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-9055":{"scope":"remote","description":"JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-6851":{"scope":"remote","description":"The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-6852":{"scope":"remote","description":"Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-9397":{"scope":"remote","description":"The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9396":{"scope":"remote","description":"The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9395":{"scope":"remote","description":"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20622":{"scope":"remote","description":"JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when \"--output-format jp2\" is used.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9394":{"scope":"remote","description":"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9393":{"scope":"remote","description":"The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9591":{"scope":"remote","description":"JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u3","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9392":{"scope":"remote","description":"The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9391":{"scope":"remote","description":"The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9390":{"scope":"remote","description":"The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-14132":{"scope":"remote","description":"JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9557":{"scope":"remote","description":"Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.","releases":{"jessie":{"nodsa":"There is no application crash unless jasper is built with ASAN","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-2089":{"debianbug":812978,"scope":"remote","description":"The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u1","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9399":{"scope":"remote","description":"The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9398":{"scope":"remote","description":"The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10251":{"scope":"remote","description":"Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u3","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20584":{"scope":"remote","description":"JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13752":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-13750":{"scope":"remote","description":"There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-13751":{"scope":"remote","description":"There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5498":{"scope":"remote","description":"libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5499":{"scope":"remote","description":"Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"jessie":{"repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-5221":{"debianbug":796253,"scope":"remote","description":"Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u4","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18873":{"scope":"remote","description":"An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.","releases":{"jessie":{"fixed_version":"1.900.1-debian1-2.4+deb8u5","repositories":{"jessie":"1.900.1-debian1-2.4+deb8u3","jessie-security":"1.900.1-debian1-2.4+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3576":{"scope":"remote","description":"Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.6.2-1","repositories":{"buster":"1.8.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.6.2-1","repositories":{"stretch":"1.6.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.6.2-1","repositories":{"jessie":"1.4.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.6.2-1","repositories":{"sid":"1.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3436":{"debianbug":683258,"scope":"remote","description":"OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to \"the water/coast aspect of tiles which also have railtracks on one half.\"","releases":{"buster":{"fixed_version":"1.2.1-2","repositories":{"buster":"1.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.1-2","repositories":{"stretch":"1.6.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.1-2","repositories":{"jessie":"1.4.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.1-2","repositories":{"sid":"1.9.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3577":{"scope":"local","description":"Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the \"-g\" parameter in the ttd_main function.  NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.","releases":{"buster":{"fixed_version":"0.6.2-1","repositories":{"buster":"1.8.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.6.2-1","repositories":{"stretch":"1.6.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.6.2-1","repositories":{"jessie":"1.4.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.6.2-1","repositories":{"sid":"1.9.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3341":{"scope":"remote","description":"Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.","releases":{"buster":{"fixed_version":"1.1.3-1","repositories":{"buster":"1.8.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.3-1","repositories":{"stretch":"1.6.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.3-1","repositories":{"jessie":"1.4.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.3-1","repositories":{"sid":"1.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3342":{"scope":"remote","description":"Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.","releases":{"buster":{"fixed_version":"1.1.3-1","repositories":{"buster":"1.8.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.3-1","repositories":{"stretch":"1.6.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.3-1","repositories":{"jessie":"1.4.4-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.3-1","repositories":{"sid":"1.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3343":{"scope":"local","description":"Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.","releases":{"buster":{"fixed_version":"1.1.3-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.3-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.3-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.3-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4168":{"debianbug":603752,"scope":"remote","description":"Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.","releases":{"buster":{"fixed_version":"1.0.4-3","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4-3","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.4-3","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-3","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4007":{"scope":"remote","description":"Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.","releases":{"buster":{"fixed_version":"0.7.5-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.5-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.5-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6411":{"scope":"remote","description":"The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.6.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.3-1","repositories":{"jessie":"1.4.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.9.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0049":{"releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.6.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.4.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.9.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3547":{"debianbug":493714,"scope":"remote","description":"Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for \"companies and clients.\"","releases":{"buster":{"fixed_version":"0.6.2-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.6.2-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.6.2-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.6.2-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0406":{"scope":"remote","description":"OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0401":{"scope":"remote","description":"OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0402":{"scope":"remote","description":"OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.","releases":{"buster":{"fixed_version":"1.0.1-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2534":{"scope":"remote","description":"The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.","releases":{"buster":{"fixed_version":"1.0.3-1","repositories":{"buster":"1.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-1","repositories":{"stretch":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.3-1","repositories":{"jessie":"1.4.4-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.3-1","repositories":{"sid":"1.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2096":{"debianbug":309196,"scope":"remote","description":"zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.","releases":{"buster":{"fixed_version":"1.7.8-2","repositories":{"buster":"1.8.5-2.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7.8-2","repositories":{"stretch":"1.8.5-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.7.8-2","repositories":{"jessie":"1.8.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.7.8-2","repositories":{"sid":"1.8.5-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5370":{"debianbug":509336,"scope":"local","description":"pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.","releases":{"buster":{"fixed_version":"1.8.1-2","repositories":{"buster":"1.8.5-2.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.1-2","repositories":{"stretch":"1.8.5-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.1-2","repositories":{"jessie":"1.8.5-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.1-2","repositories":{"sid":"1.8.5-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-2705":{"scope":"remote","description":"Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.","releases":{"buster":{"fixed_version":"1.6.4+20040826-1","repositories":{"buster":"1.8.5-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.4+20040826-1","repositories":{"stretch":"1.8.5-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.4+20040826-1","repositories":{"jessie":"1.8.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4+20040826-1","repositories":{"sid":"1.8.5-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5158":{"scope":"remote","description":"Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6501":{"scope":"remote","description":"Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3848":{"scope":"remote","description":"Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.","releases":{"buster":{"fixed_version":"2.7.3-2","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.3-2","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.3-2","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.3-2","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-B4B71F":{"releases":{"buster":{"fixed_version":"2.7.3-3","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.7.3-3","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.7.3-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.7.3-3","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4073":{"debianbug":714541,"scope":"remote","description":"The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4955":{"scope":"remote","description":"Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1906":{"scope":"local","description":"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.","releases":{"buster":{"fixed_version":"2.7.13-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.13-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.13-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.13-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1640":{"scope":"remote","description":"The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3564":{"debianbug":551073,"scope":"local","description":"puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.","releases":{"buster":{"fixed_version":"0.25.1-3","repositories":{"buster":"5.5.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.25.1-3","repositories":{"stretch":"4.8.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.25.1-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.25.1-3","repositories":{"sid":"5.5.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4958":{"scope":"local","description":"Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4959":{"scope":"local","description":"Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the \"no-cache\" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4956":{"scope":"local","description":"Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions.","releases":{"buster":{"fixed_version":"3.2.4-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.2.4-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.2.4-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.2.4-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6120":{"scope":"local","description":"Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.","releases":{"buster":{"fixed_version":"2.6.4-2","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.6.4-2","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.6.4-2","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.6.4-2","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3865":{"scope":"remote","description":"Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.","releases":{"buster":{"fixed_version":"2.7.18-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.18-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3864":{"scope":"remote","description":"Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.","releases":{"buster":{"fixed_version":"2.7.18-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.18-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3867":{"scope":"remote","description":"lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.","releases":{"buster":{"fixed_version":"2.7.18-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.18-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3866":{"scope":"local","description":"lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.","releases":{"buster":{"fixed_version":"2.7.18-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.18-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1653":{"scope":"remote","description":"Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the \"run\" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4965":{"scope":"remote","description":"Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4966":{"scope":"remote","description":"The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1652":{"scope":"remote","description":"Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3250":{"scope":"remote","description":"The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.","releases":{"buster":{"fixed_version":"3.7.0-1","repositories":{"buster":"5.5.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.0-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.0-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.0-1","repositories":{"sid":"5.5.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4963":{"scope":"remote","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1655":{"scope":"remote","description":"Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4964":{"scope":"remote","description":"Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1654":{"scope":"remote","description":"Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11749":{"scope":"remote","description":"When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4961":{"scope":"remote","description":"Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4962":{"scope":"remote","description":"The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2785":{"scope":"remote","description":"Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2786":{"scope":"remote","description":"The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4761":{"scope":"remote","description":"Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.","releases":{"buster":{"fixed_version":"3.2.4-1","repositories":{"buster":"5.5.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.2.4-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.2.4-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.2.4-1","repositories":{"sid":"5.5.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9355":{"scope":"remote","description":"Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2787":{"scope":"remote","description":"The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4762":{"scope":"remote","description":"Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4969":{"scope":"local","description":"Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4967":{"scope":"remote","description":"Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is \"seeded as a console parameter,\" External Node Classifiers, and the lack of access control for /nodes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4968":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1053":{"scope":"local","description":"The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.","releases":{"buster":{"fixed_version":"2.7.11-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.11-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.11-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.11-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3869":{"scope":"local","description":"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.","releases":{"buster":{"fixed_version":"2.7.3-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.3-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.3-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.3-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1054":{"scope":"local","description":"Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.","releases":{"buster":{"fixed_version":"2.7.11-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.11-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.11-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.11-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2274":{"scope":"remote","description":"Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.","releases":{"buster":{"fixed_version":"2.7-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9686":{"scope":"remote","description":"The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3248":{"scope":"local","description":"Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.","releases":{"buster":{"fixed_version":"3.7.0-1","repositories":{"buster":"5.5.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.7.0-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.7.0-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.7.0-1","repositories":{"sid":"5.5.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3249":{"scope":"remote","description":"Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2293":{"scope":"remote","description":"Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2294":{"scope":"remote","description":"Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0156":{"scope":"local","description":"Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.","releases":{"buster":{"fixed_version":"0.25.4-2","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.25.4-2","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.25.4-2","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.25.4-2","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-2295":{"debianbug":863212,"scope":"remote","description":"Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.","releases":{"buster":{"fixed_version":"4.8.2-5","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2-5","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.7.2-4+deb8u1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2-5","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2296":{"scope":"remote","description":"In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3567":{"debianbug":712745,"scope":"remote","description":"Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.","releases":{"buster":{"fixed_version":"3.2.2-1","repositories":{"buster":"5.5.10-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.2.2-1","repositories":{"stretch":"4.8.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.2.2-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.2.2-1","repositories":{"sid":"5.5.10-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-2297":{"scope":"remote","description":"Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10690":{"scope":"remote","description":"In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2275":{"scope":"remote","description":"The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.","releases":{"buster":{"fixed_version":"2.7.18-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.18-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.18-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.18-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4971":{"scope":"remote","description":"Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7331":{"scope":"remote","description":"The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4100":{"scope":"remote","description":"Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a \"Certificate Authority Reverse Proxy Vulnerability.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6513":{"scope":"remote","description":"Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6512":{"scope":"remote","description":"The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6511":{"scope":"remote","description":"A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7328":{"scope":"local","description":"Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6510":{"scope":"remote","description":"A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0528":{"scope":"remote","description":"Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.","releases":{"buster":{"fixed_version":"2.6.2-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.2-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.2-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.2-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3872":{"scope":"remote","description":"Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka \"AltNames Vulnerability.\"","releases":{"buster":{"fixed_version":"2.7.6-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.6-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.6-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.6-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-1986":{"scope":"remote","description":"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.","releases":{"buster":{"fixed_version":"2.7.13-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.13-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.13-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.13-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-1987":{"scope":"remote","description":"Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.","releases":{"buster":{"fixed_version":"2.7.13-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.13-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.13-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.13-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-1988":{"scope":"remote","description":"Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.","releases":{"buster":{"fixed_version":"2.7.13-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.13-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.13-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.13-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1989":{"scope":"local","description":"telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).","releases":{"buster":{"fixed_version":"2.7.13-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.7.13-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.7.13-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.7.13-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3408":{"scope":"remote","description":"lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.","releases":{"buster":{"fixed_version":"2.7.18-1","repositories":{"buster":"5.5.10-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.18-1","repositories":{"stretch":"4.8.2-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.18-1","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.18-1","repositories":{"sid":"5.5.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3870":{"scope":"local","description":"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.","releases":{"buster":{"fixed_version":"2.7.3-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.3-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.3-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.3-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3871":{"scope":"local","description":"Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.","releases":{"buster":{"fixed_version":"2.7.3-3","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.7.3-3","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.7.3-3","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.7.3-3","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5715":{"scope":"remote","description":"Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1399":{"scope":"remote","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5714":{"scope":"remote","description":"Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka \"Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability.\"","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"5.5.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch":"4.8.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"5.5.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5716":{"scope":"remote","description":"The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5713":{"scope":"remote","description":"Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.","releases":{"buster":{"fixed_version":"4.7.0-1","repositories":{"buster":"5.5.10-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.7.0-1","repositories":{"stretch":"4.8.2-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.7.0-1","repositories":{"sid":"5.5.10-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1398":{"scope":"remote","description":"The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6516":{"scope":"remote","description":"On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10689":{"debianbug":890412,"scope":"local","description":"In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.","releases":{"buster":{"fixed_version":"5.4.0-1","repositories":{"buster":"5.5.10-2"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.8.2-5"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.4.0-1","repositories":{"sid":"5.5.10-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-6515":{"scope":"remote","description":"Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.5.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.8.2-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.7.2-4+deb8u1","jessie-security":"3.7.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.5.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000044":{"scope":"remote","description":"gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering","releases":{"buster":{"fixed_version":"0.4.3-1","repositories":{"buster":"0.9.0-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.3-1","repositories":{"stretch":"0.6.0-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.3-1","repositories":{"jessie":"0.5.3-1.3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.3-1","repositories":{"sid":"0.9.0-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5885":{"debianbug":854450,"scope":"remote","description":"Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"0.6.0-3","repositories":{"buster":"0.9.0-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.6.0-3","repositories":{"stretch":"0.6.0-3"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.5.3-1.3"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.6.0-3","repositories":{"sid":"0.9.0-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5884":{"debianbug":854450,"scope":"remote","description":"gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.","releases":{"buster":{"fixed_version":"0.6.0-3","repositories":{"buster":"0.9.0-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.0-3","repositories":{"stretch":"0.6.0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.5.3-1.3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.6.0-3","repositories":{"sid":"0.9.0-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2322":{"scope":"remote","description":"Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.","releases":{"buster":{"fixed_version":"2:0.98-3","repositories":{"buster":"2:0.98-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:0.98-3","repositories":{"stretch":"2:0.98-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:0.98-3","repositories":{"jessie":"2:0.98-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:0.98-3","repositories":{"sid":"2:0.98-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0831":{"scope":"remote","description":"Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.","releases":{"buster":{"fixed_version":"2:0.98-3","repositories":{"buster":"2:0.98-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:0.98-3","repositories":{"stretch":"2:0.98-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:0.98-3","repositories":{"jessie":"2:0.98-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:0.98-3","repositories":{"sid":"2:0.98-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2831":{"debianbug":781806,"scope":"local","description":"Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable.","releases":{"buster":{"fixed_version":"0.9.0-3.1","repositories":{"buster":"0.9.0-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.0-3.1","repositories":{"stretch":"0.9.0-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.0-3.1","repositories":{"jessie":"0.9.0-3.2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.0-3.1","repositories":{"sid":"0.9.0-3.2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-79CB2C":{"releases":{"jessie":{"fixed_version":"3.5.3-1","repositories":{"jessie":"3.6-rzb2752+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4438":{"debianbug":407337,"scope":"remote","description":"Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.","releases":{"jessie":{"fixed_version":"3.3.3.5-dfsg-1","repositories":{"jessie":"3.6-rzb2752+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3929":{"debianbug":496369,"scope":"local","description":"gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.","releases":{"jessie":{"fixed_version":"3.4.1-2","repositories":{"jessie":"3.6-rzb2752+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4437":{"debianbug":407337,"scope":"remote","description":"SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter.  NOTE: some details are obtained from third party information.","releases":{"jessie":{"fixed_version":"3.3.3.5-dfsg-1","repositories":{"jessie":"3.6-rzb2752+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4796":{"debianbug":504168,"scope":"remote","description":"The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.","releases":{"jessie":{"fixed_version":"3.4.1-2","repositories":{"jessie":"3.6-rzb2752+dfsg-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3440":{"debianbug":591995,"releases":{"buster":{"fixed_version":"2.0.11-1","repositories":{"buster":"2.0.11-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.11-1","repositories":{"stretch":"2.0.11-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.11-1","repositories":{"jessie":"2.0.11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.11-1","repositories":{"sid":"2.0.11-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3467":{"debianbug":379920,"scope":"remote","description":"Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.","releases":{"buster":{"fixed_version":"2.2.1-5","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.1-5","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.1-5","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.1-5","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-5670":{"debianbug":696691,"scope":"remote","description":"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.","releases":{"buster":{"fixed_version":"2.4.9-1.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0226":{"debianbug":635871,"scope":"remote","description":"Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.","releases":{"buster":{"fixed_version":"2.4.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.6-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0773084-4AB1FB":{"debianbug":773084,"releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0747":{"scope":"remote","description":"Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-3506":{"debianbug":432013,"scope":"remote","description":"The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a \"memory buffer overwrite bug.\"","releases":{"buster":{"fixed_version":"2.3.4","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.3.4","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.3.4","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.3.4","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1126":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3256":{"debianbug":646120,"scope":"remote","description":"FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.","releases":{"buster":{"fixed_version":"2.4.7-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.7-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.7-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.7-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1127":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1128":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7858":{"scope":"remote","description":"FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1129":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7857":{"scope":"remote","description":"FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0946":{"debianbug":524925,"scope":"remote","description":"Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.","releases":{"buster":{"fixed_version":"2.3.9-4.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.9-4.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.9-4.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.9-4.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-9675":{"debianbug":777656,"scope":"remote","description":"bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3311":{"scope":"remote","description":"Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2541":{"scope":"remote","description":"Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2241":{"debianbug":741299,"scope":"remote","description":"The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.","releases":{"buster":{"fixed_version":"2.5.2-1.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-1.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-1.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-1.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9672":{"debianbug":777656,"scope":"remote","description":"Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9671":{"debianbug":777656,"scope":"remote","description":"Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9674":{"debianbug":777656,"scope":"remote","description":"The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2240":{"debianbug":741299,"scope":"remote","description":"Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.","releases":{"buster":{"fixed_version":"2.5.2-1.1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-1.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-1.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-1.1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9673":{"debianbug":777656,"scope":"remote","description":"Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8105":{"debianbug":861220,"scope":"remote","description":"FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.","releases":{"buster":{"fixed_version":"2.6.3-3.2","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.3-3.2","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u2","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.3-3.2","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9670":{"debianbug":777656,"scope":"remote","description":"Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2500":{"scope":"remote","description":"Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1130":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1131":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6942":{"debianbug":890450,"scope":"remote","description":"An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.","releases":{"buster":{"fixed_version":"2.9.1-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.9.1-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1132":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1133":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1134":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2808":{"scope":"remote","description":"Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10328":{"scope":"remote","description":"FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2807":{"scope":"remote","description":"FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1135":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2806":{"scope":"remote","description":"Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1136":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1137":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2805":{"scope":"remote","description":"The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1138":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1139":{"debianbug":662864,"scope":"remote","description":"Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10244":{"debianbug":856971,"scope":"remote","description":"The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"2.6.3-3.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.3-3.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u2","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.3-3.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9746":{"debianbug":798619,"scope":"remote","description":"The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.","releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9669":{"debianbug":777656,"scope":"remote","description":"Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9745":{"debianbug":798620,"scope":"remote","description":"The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.","releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1861":{"scope":"remote","description":"Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.  NOTE: item 4 was originally identified by CVE-2006-2493.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9668":{"debianbug":777656,"scope":"remote","description":"The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9747":{"debianbug":798619,"scope":"remote","description":"The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.","releases":{"buster":{"fixed_version":"2.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2499":{"scope":"remote","description":"Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9665":{"debianbug":777656,"scope":"remote","description":"The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2498":{"scope":"remote","description":"The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9664":{"debianbug":777656,"scope":"remote","description":"FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2497":{"scope":"remote","description":"Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9667":{"debianbug":777656,"scope":"remote","description":"sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9666":{"debianbug":777656,"scope":"remote","description":"The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9661":{"debianbug":777656,"scope":"remote","description":"type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9660":{"debianbug":777656,"scope":"remote","description":"The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9663":{"debianbug":777656,"scope":"remote","description":"The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7864":{"scope":"remote","description":"FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9662":{"debianbug":777656,"scope":"remote","description":"cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1351":{"debianbug":426771,"scope":"remote","description":"Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.","releases":{"buster":{"fixed_version":"2.3.5-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.5-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.5-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.5-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1808":{"debianbug":485841,"scope":"remote","description":"Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.3.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.6-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1807":{"debianbug":485841,"scope":"remote","description":"FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid \"number of axes\" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.","releases":{"buster":{"fixed_version":"2.3.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.6-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1806":{"debianbug":485841,"scope":"remote","description":"Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.3.6-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.3.6-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.3.6-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.3.6-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-1141":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1142":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1143":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1144":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2754":{"debianbug":425625,"scope":"remote","description":"Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.2.1-6","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-6","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.1-6","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-6","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5668":{"debianbug":696691,"scope":"remote","description":"FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.","releases":{"buster":{"fixed_version":"2.4.9-1.1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1.1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5669":{"debianbug":696691,"scope":"remote","description":"The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"2.4.9-1.1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1.1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3439":{"debianbug":649122,"scope":"remote","description":"FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.","releases":{"buster":{"fixed_version":"2.4.8-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.8-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.8-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.8-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2519":{"scope":"remote","description":"Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9658":{"debianbug":777656,"scope":"remote","description":"The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9657":{"debianbug":777656,"scope":"remote","description":"The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9659":{"debianbug":777656,"scope":"remote","description":"cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-2661":{"scope":"remote","description":"ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2520":{"scope":"remote","description":"Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9656":{"debianbug":777656,"scope":"remote","description":"The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.","releases":{"buster":{"fixed_version":"2.5.2-3","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.2-3","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.2-3","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3054":{"scope":"remote","description":"Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3053":{"scope":"remote","description":"bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2527":{"scope":"remote","description":"Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"2.4.0-1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3814":{"debianbug":602221,"scope":"remote","description":"Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.","releases":{"buster":{"fixed_version":"2.4.2-2.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-2.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-2.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-2.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8287":{"debianbug":861308,"scope":"remote","description":"FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.","releases":{"buster":{"fixed_version":"2.6.3-3.2","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.3-3.2","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.2-3+deb8u2","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.3-3.2","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3855":{"debianbug":602221,"scope":"remote","description":"Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.","releases":{"buster":{"fixed_version":"2.4.2-2.1","repositories":{"buster":"2.9.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-2.1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-2.1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.2-2.1","repositories":{"sid":"2.9.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1140":{"debianbug":662864,"scope":"remote","description":"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.","releases":{"buster":{"fixed_version":"2.4.9-1","repositories":{"buster":"2.9.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.9-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.9-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.9-1","repositories":{"sid":"2.9.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1797":{"scope":"remote","description":"Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.4.2-1","repositories":{"buster":"2.9.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1","repositories":{"stretch":"2.6.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1","repositories":{"jessie":"2.5.2-3+deb8u2","jessie-security":"2.5.2-3+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1","repositories":{"sid":"2.9.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5269":{"debianbug":886675,"scope":"remote","description":"In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5268":{"debianbug":886674,"scope":"remote","description":"In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17760":{"debianbug":885843,"scope":"remote","description":"OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12599":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12863":{"debianbug":875344,"scope":"remote","description":"In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000450":{"debianbug":886282,"scope":"remote","description":"In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12600":{"debianbug":872045,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12864":{"debianbug":875345,"scope":"remote","description":"In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12597":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12598":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12862":{"debianbug":875342,"scope":"remote","description":"In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14136":{"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12605":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1517":{"debianbug":872043,"scope":"remote","description":"OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12606":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1516":{"debianbug":872043,"scope":"remote","description":"OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12603":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-18009":{"debianbug":924884,"scope":"remote","description":"In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"low","status":"open"}}}}
{"CVE-2017-12604":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12601":{"debianbug":872044,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.4.9.1+dfsg-1+deb8u2","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12602":{"debianbug":872045,"scope":"remote","description":"OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.","releases":{"buster":{"fixed_version":"3.2.0+dfsg-6","repositories":{"buster":"3.2.0+dfsg-6"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.4.9.1+dfsg1-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.4.9.1+dfsg-1+deb8u1","jessie-security":"2.4.9.1+dfsg-1+deb8u2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.2.0+dfsg-6","repositories":{"sid":"3.2.0+dfsg-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-5018":{"debianbug":550978,"scope":"remote","description":"Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.","releases":{"buster":{"fixed_version":"2.5.2-1","repositories":{"buster":"2.5.8-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.5.2-1","repositories":{"stretch":"2.5.8-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.5.2-1","repositories":{"jessie":"2.5.8-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.5.2-1","repositories":{"sid":"2.5.8-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4695":{"debianbug":610479,"scope":"remote","description":"A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.","releases":{"buster":{"fixed_version":"2.5.4-2","repositories":{"buster":"2.5.8-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.5.4-2","repositories":{"stretch":"2.5.8-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.5.4-2","repositories":{"jessie":"2.5.8-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.5.4-2","repositories":{"sid":"2.5.8-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4694":{"debianbug":610479,"scope":"remote","description":"Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.","releases":{"buster":{"fixed_version":"2.5.4-2","repositories":{"buster":"2.5.8-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.5.4-2","repositories":{"stretch":"2.5.8-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.5.4-2","repositories":{"jessie":"2.5.8-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.5.4-2","repositories":{"sid":"2.5.8-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-4008":{"scope":"remote","description":"Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15105":{"debianbug":887733,"scope":"remote","description":"A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.0-3+deb9u2","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.22-3+deb8u4","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1922":{"scope":"remote","description":"daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.","releases":{"buster":{"fixed_version":"1.4.10-1","repositories":{"buster":"1.9.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.4.10-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4.10-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.10-1","repositories":{"sid":"1.9.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4869":{"scope":"remote","description":"validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.","releases":{"buster":{"fixed_version":"1.4.14-1","repositories":{"buster":"1.9.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.4.14-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.14-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.14-1","repositories":{"sid":"1.9.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-4528":{"scope":"remote","description":"Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.","releases":{"buster":{"fixed_version":"1.4.14-1","repositories":{"buster":"1.9.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.4.14-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.14-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.14-1","repositories":{"sid":"1.9.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0969":{"scope":"remote","description":"Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"1.4.3-1","repositories":{"buster":"1.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.3-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.3-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.3-1","repositories":{"sid":"1.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3602":{"scope":"remote","description":"Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.","releases":{"buster":{"fixed_version":"1.3.4-1","repositories":{"buster":"1.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.4-1","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.4-1","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.4-1","repositories":{"sid":"1.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-8602":{"debianbug":772622,"scope":"remote","description":"iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.","releases":{"buster":{"fixed_version":"1.4.22-3","repositories":{"buster":"1.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.22-3","repositories":{"stretch":"1.6.0-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.22-3","repositories":{"jessie":"1.4.22-3+deb8u3","jessie-security":"1.4.22-3+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.22-3","repositories":{"sid":"1.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0779":{"scope":"remote","description":"SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.","releases":{"buster":{"fixed_version":"0.7.0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.7.0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.7.0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.7.0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-17281":{"debianbug":909554,"scope":"remote","description":"There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.","releases":{"buster":{"fixed_version":"1:13.23.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u4","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u6","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.23.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3727":{"scope":"remote","description":"Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.","releases":{"buster":{"fixed_version":"1:1.6.2.0~rc6-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~rc6-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~rc6-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~rc6-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3723":{"debianbug":552756,"releases":{"buster":{"fixed_version":"1:1.6.2.0~rc3-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~rc3-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~rc3-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~rc3-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-1147":{"debianbug":614580,"scope":"remote","description":"Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6610":{"debianbug":762164,"scope":"remote","description":"Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.","releases":{"buster":{"fixed_version":"1:11.12.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:11.12.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:11.12.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:11.12.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-5445":{"debianbug":395080,"scope":"remote","description":"Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary.","releases":{"buster":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-2316":{"scope":"remote","description":"chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.","releases":{"buster":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5444":{"debianbug":394025,"scope":"remote","description":"Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.13~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2119":{"scope":"remote","description":"Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.","releases":{"buster":{"fixed_version":"1.4","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5641":{"debianbug":721220,"scope":"remote","description":"The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5642":{"debianbug":721220,"scope":"remote","description":"The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.","releases":{"buster":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:11.5.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4521":{"scope":"remote","description":"Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3863":{"scope":"remote","description":"channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2529":{"debianbug":631446,"scope":"remote","description":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.","releases":{"buster":{"fixed_version":"1:1.8.4.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.4.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.4.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.4.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6609":{"scope":"remote","description":"The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2414":{"debianbug":670180,"scope":"remote","description":"main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.","releases":{"buster":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7617":{"debianbug":859910,"scope":"remote","description":"Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.","releases":{"buster":{"fixed_version":"1:13.14.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.14.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2415":{"debianbug":670180,"scope":"remote","description":"Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.","releases":{"buster":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2416":{"debianbug":670180,"scope":"remote","description":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.","releases":{"buster":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.11.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7550":{"debianbug":838833,"releases":{"buster":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7551":{"debianbug":838832,"scope":"remote","description":"chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).","releases":{"buster":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.11.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4345":{"debianbug":385060,"scope":"remote","description":"Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.","releases":{"buster":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0441":{"scope":"remote","description":"Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.","releases":{"buster":{"fixed_version":"1:1.6.2.2-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.2-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.2-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.2-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4346":{"debianbug":385060,"scope":"remote","description":"Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.","releases":{"buster":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.11.dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-2264":{"debianbug":704114,"scope":"remote","description":"The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2293":{"scope":"remote","description":"Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.","releases":{"buster":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2008-1897":{"scope":"remote","description":"The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake.  NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.","releases":{"buster":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-9358":{"debianbug":863906,"scope":"remote","description":"A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).","releases":{"buster":{"fixed_version":"1:13.14.1~dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.14.1~dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14100":{"debianbug":873908,"scope":"remote","description":"In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.","releases":{"buster":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u3","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2297":{"debianbug":419820,"scope":"remote","description":"The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).","releases":{"buster":{"fixed_version":"1:1.4.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-2294":{"scope":"remote","description":"The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.","releases":{"buster":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.3~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3559":{"debianbug":338116,"scope":"remote","description":"Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.","releases":{"buster":{"fixed_version":"1:1.2.7.1.dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.7.1.dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.7.1.dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.7.1.dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0685":{"scope":"remote","description":"The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.  NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.","releases":{"buster":{"fixed_version":"1:1.6.2.6-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.6-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.6-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.6-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2216":{"debianbug":629130,"scope":"remote","description":"reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.","releases":{"buster":{"fixed_version":"1:1.8.4.2-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.4.2-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.4.2-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.4.2-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17850":{"debianbug":885072,"scope":"remote","description":"An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.","releases":{"buster":{"fixed_version":"1:13.18.5~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.18.5~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4598":{"debianbug":651552,"scope":"remote","description":"The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.","releases":{"buster":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3389":{"debianbug":645881,"scope":"remote","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","releases":{"buster":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-7220":{"debianbug":555217,"scope":"remote","description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","releases":{"buster":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2947":{"debianbug":675204,"scope":"remote","description":"chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.","releases":{"buster":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-2948":{"debianbug":675210,"scope":"remote","description":"chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.","releases":{"buster":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3264":{"scope":"remote","description":"The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.","releases":{"buster":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4597":{"debianbug":651552,"scope":"remote","description":"The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.","releases":{"buster":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.8.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3263":{"scope":"remote","description":"The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.","releases":{"buster":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.4.21.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1923":{"scope":"remote","description":"The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.","releases":{"buster":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0871":{"scope":"remote","description":"The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0885":{"debianbug":656596,"scope":"remote","description":"chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.","releases":{"buster":{"fixed_version":"1:1.8.8.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.8.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.8.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.8.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2651":{"debianbug":539473,"scope":"remote","description":"main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.","releases":{"buster":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5358":{"scope":"remote","description":"Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.  NOTE: vector 2 requires write access to Asterisk configuration files.","releases":{"buster":{"fixed_version":"1:1.4.13~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.13~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.13~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.13~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-2488":{"scope":"remote","description":"The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.","releases":{"buster":{"fixed_version":"1:1.4.5~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.5~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.5~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.5~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5558":{"debianbug":509686,"scope":"remote","description":"Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.","releases":{"buster":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1306":{"scope":"remote","description":"Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.","releases":{"buster":{"fixed_version":"1:1.2.16~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.16~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.16~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.16~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-7251":{"debianbug":923690,"scope":"remote","description":"An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.","releases":{"buster":{"fixed_version":"1:16.2.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:16.2.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4737":{"debianbug":680470,"scope":"remote","description":"channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0761":{"scope":"remote","description":"Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.","releases":{"buster":{"fixed_version":"0.5.0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.5.0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-7284":{"debianbug":891227,"scope":"remote","description":"A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.","releases":{"buster":{"fixed_version":"1:13.20.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u4","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.20.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7285":{"scope":"remote","description":"A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9374":{"debianbug":773230,"scope":"remote","description":"Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7286":{"debianbug":891228,"scope":"remote","description":"An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.","releases":{"buster":{"fixed_version":"1:13.20.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u4","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.20.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7287":{"scope":"remote","description":"An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3008":{"debianbug":782411,"scope":"remote","description":"Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.","releases":{"buster":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6430":{"debianbug":457063,"scope":"remote","description":"Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.","releases":{"buster":{"fixed_version":"1:1.4.16.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.16.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.16.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.16.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1183":{"debianbug":664411,"scope":"remote","description":"Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.","releases":{"buster":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1184":{"debianbug":664411,"scope":"remote","description":"Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.","releases":{"buster":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.8.10.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14603":{"debianbug":876328,"scope":"remote","description":"In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report.","releases":{"buster":{"fixed_version":"1:13.17.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u4","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.17.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1507":{"scope":"remote","description":"Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3812":{"debianbug":680470,"scope":"remote","description":"Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2232":{"scope":"remote","description":"Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.","releases":{"buster":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.7.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7100":{"debianbug":732355,"scope":"remote","description":"Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"1:11.7.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:11.7.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.7.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:11.7.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0495":{"debianbug":610487,"scope":"remote","description":"Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.","releases":{"buster":{"fixed_version":"1:1.6.2.9-2+squeeze1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.9-2+squeeze1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.9-2+squeeze1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.9-2+squeeze1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2898":{"debianbug":380054,"scope":"remote","description":"The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.","releases":{"buster":{"fixed_version":"1:1.2.10.dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.10.dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.10.dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.2.10.dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0095":{"debianbug":458952,"scope":"remote","description":"The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"1:1.4.17~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.17~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.17~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.17~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4280":{"scope":"remote","description":"The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.","releases":{"buster":{"fixed_version":"1:1.4.10~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.10~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.10~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:1.4.10~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12227":{"debianbug":902954,"scope":"remote","description":"An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.","releases":{"buster":{"fixed_version":"1:13.22.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u4","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.22.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12228":{"scope":"remote","description":"An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17664":{"debianbug":884345,"scope":"remote","description":"A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.","releases":{"buster":{"fixed_version":"1:13.18.5~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u3","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.18.5~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4055":{"debianbug":559103,"scope":"remote","description":"rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.","releases":{"buster":{"fixed_version":"1:1.6.2.0~rc7-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~rc7-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~rc7-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~rc7-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2383":{"debianbug":555217,"scope":"remote","description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","releases":{"buster":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~rc3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1224":{"debianbug":576560,"scope":"remote","description":"main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.","releases":{"buster":{"fixed_version":"1:1.6.2.6-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.6-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.6-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.6-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19278":{"scope":"remote","description":"Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1599":{"scope":"remote","description":"manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2726":{"debianbug":541441,"scope":"remote","description":"The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.","releases":{"buster":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~dfsg~rc1-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2289":{"scope":"remote","description":"res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1333":{"scope":"remote","description":"Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.","releases":{"buster":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1332":{"scope":"remote","description":"Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.","releases":{"buster":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-2287":{"debianbug":741313,"scope":"remote","description":"channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.","releases":{"buster":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-2288":{"scope":"remote","description":"The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4063":{"debianbug":647252,"scope":"remote","description":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.","releases":{"buster":{"fixed_version":"1:1.8.7.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.7.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.7.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.7.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9938":{"debianbug":847668,"scope":"remote","description":"An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.","releases":{"buster":{"fixed_version":"1:13.13.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.13.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.13.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9937":{"scope":"remote","description":"An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2286":{"debianbug":741313,"scope":"remote","description":"main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.","releases":{"buster":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:11.8.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-6170":{"scope":"remote","description":"SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.","releases":{"buster":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-6171":{"scope":"remote","description":"SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.","releases":{"buster":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.15~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1561":{"debianbug":415466,"scope":"remote","description":"The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.","releases":{"buster":{"fixed_version":"1:1.4.2~dfsg-5","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.2~dfsg-5","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.2~dfsg-5","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.2~dfsg-5","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-2186":{"debianbug":680470,"scope":"remote","description":"Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2536":{"debianbug":632029,"scope":"remote","description":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.","releases":{"buster":{"fixed_version":"1:1.8.4.4~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.4.4~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.4.4~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.4.4~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2535":{"debianbug":631448,"scope":"remote","description":"chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.","releases":{"buster":{"fixed_version":"1:1.8.4.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.4.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.4.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.4.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3553":{"scope":"remote","description":"chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5976":{"debianbug":697230,"scope":"remote","description":"Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5977":{"debianbug":697230,"scope":"remote","description":"Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1827":{"debianbug":364195,"scope":"remote","description":"Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.","releases":{"buster":{"fixed_version":"1:1.2.7.1.dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.7.1.dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.7.1.dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.7.1.dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0000000-964ED9":{"releases":{"buster":{"fixed_version":"1:13.8.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:13.8.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.8.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-1289":{"scope":"remote","description":"Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.","releases":{"buster":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.4.18.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-8418":{"debianbug":771463,"scope":"remote","description":"The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17090":{"debianbug":883342,"scope":"remote","description":"An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.","releases":{"buster":{"fixed_version":"1:13.18.3~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u3","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u5","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.18.3~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8415":{"scope":"remote","description":"Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8414":{"debianbug":771463,"scope":"remote","description":"ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8417":{"debianbug":771463,"scope":"remote","description":"ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8416":{"scope":"remote","description":"Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8413":{"scope":"remote","description":"The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8412":{"debianbug":771463,"scope":"remote","description":"The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1558":{"debianbug":780601,"scope":"remote","description":"Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.","releases":{"buster":{"fixed_version":"1:13.1.0~dfsg-1.1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:13.1.0~dfsg-1.1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.1.0~dfsg-1.1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2008-3903":{"debianbug":522528,"scope":"remote","description":"Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.","releases":{"buster":{"fixed_version":"1:1.6.1.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.1.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.1.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.1.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4103":{"scope":"remote","description":"The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.","releases":{"buster":{"fixed_version":"1:1.4.9~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.9~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.9~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.4.9~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1595":{"scope":"remote","description":"The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.","releases":{"buster":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.0~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1390":{"scope":"remote","description":"The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.","releases":{"buster":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.19.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3765":{"debianbug":433681,"scope":"remote","description":"The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.","releases":{"buster":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2666":{"scope":"remote","description":"The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16671":{"debianbug":881257,"scope":"remote","description":"A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.","releases":{"buster":{"fixed_version":"1:13.18.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u3","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.18.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16672":{"debianbug":881256,"scope":"remote","description":"An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.","releases":{"buster":{"fixed_version":"1:13.18.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u3","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.18.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14099":{"debianbug":873907,"scope":"remote","description":"In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.","releases":{"buster":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:13.14.1~dfsg-2+deb9u1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:11.13.1~dfsg-2+deb8u3","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14098":{"debianbug":873909,"scope":"remote","description":"In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.","releases":{"buster":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:13.17.1~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1175":{"scope":"remote","description":"tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1174":{"scope":"remote","description":"manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.","releases":{"buster":{"fixed_version":"1:1.8.3.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.3.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.3.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.3.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4048":{"scope":"remote","description":"The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4047":{"scope":"remote","description":"Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.","releases":{"buster":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2665":{"debianbug":631445,"scope":"remote","description":"reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.","releases":{"buster":{"fixed_version":"1:1.8.4.3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.4.3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.4.3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.4.3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2081":{"debianbug":315532,"scope":"remote","description":"Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.","releases":{"buster":{"fixed_version":"1:1.0.9.dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.0.9.dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:1.0.9.dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.0.9.dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2686":{"debianbug":704114,"scope":"remote","description":"main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.","releases":{"buster":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.8.13.1~dfsg-2","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2346":{"debianbug":539473,"scope":"remote","description":"The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.","releases":{"buster":{"fixed_version":"1:1.6.2.0~dfsg~beta3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.6.2.0~dfsg~beta3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.6.2.0~dfsg~beta3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.6.2.0~dfsg~beta3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0041":{"debianbug":513413,"scope":"remote","description":"IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.","releases":{"buster":{"fixed_version":"1:1.6.1.0~dfsg~rc3-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.6.1.0~dfsg~rc3-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.6.1.0~dfsg~rc3-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.6.1.0~dfsg~rc3-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-4046":{"scope":"remote","description":"Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.","releases":{"buster":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:11.10.2~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-4045":{"scope":"remote","description":"The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2685":{"scope":"remote","description":"Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3764":{"scope":"remote","description":"The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\"","releases":{"buster":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3763":{"scope":"remote","description":"The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.","releases":{"buster":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3762":{"scope":"remote","description":"Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.","releases":{"buster":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:1.4.8~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-4455":{"scope":"remote","description":"The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.","releases":{"buster":{"fixed_version":"1:1.4.11~dfsg-1","repositories":{"buster":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.4.11~dfsg-1","repositories":{"stretch-security":"1:13.14.1~dfsg-2+deb9u4","stretch":"1:13.14.1~dfsg-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.4.11~dfsg-1","repositories":{"jessie":"1:11.13.1~dfsg-2+deb8u5","jessie-security":"1:11.13.1~dfsg-2+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.4.11~dfsg-1","repositories":{"sid":"1:16.2.1~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3441":{"scope":"remote","description":"The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.13.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.11.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1523":{"debianbug":629127,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1878":{"debianbug":823721,"scope":"remote","description":"Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.","releases":{"buster":{"fixed_version":"1.10.3-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.3-1","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.3-1","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.3-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16882":{"scope":"local","description":"Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.13.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.11.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2386":{"scope":"remote","description":"Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"1.11.0-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.11.0-1","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.11.0-1","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.0-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9566":{"scope":"local","description":"base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.  NOTE: this can be leveraged by remote attackers using CVE-2016-9565.","releases":{"buster":{"fixed_version":"1.13.4-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.13.4-1","repositories":{"stretch":"1.13.4-2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.11.6-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.13.4-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2477":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch":"1.13.4-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.11.6-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-2179":{"debianbug":629127,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6209":{"debianbug":831698,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Nagios.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.13.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.11.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.14.2+ds-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7108":{"debianbug":771466,"scope":"remote","description":"Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.13.4-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10.2-1","repositories":{"jessie":"1.11.6-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7107":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.13.4-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.10.2-1","repositories":{"jessie":"1.11.6-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7106":{"scope":"remote","description":"Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c.  NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.2-1","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8010":{"debianbug":803432,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.","releases":{"buster":{"fixed_version":"1.13.3-3","repositories":{"buster":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.13.3-3","repositories":{"stretch":"1.13.4-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.11.6-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.13.3-3","repositories":{"sid":"1.14.2+ds-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6096":{"debianbug":697930,"scope":"remote","description":"Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.","releases":{"buster":{"fixed_version":"1.7.1-5","repositories":{"buster":"1.14.2+ds-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7.1-5","repositories":{"stretch":"1.13.4-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.7.1-5","repositories":{"jessie":"1.11.6-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.7.1-5","repositories":{"sid":"1.14.2+ds-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5147":{"scope":"remote","description":"Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.4.0-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.3.4-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.1.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.4.0-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9036":{"debianbug":849212,"scope":"remote","description":"An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.","releases":{"buster":{"fixed_version":"1.0.3-1.1","repositories":{"buster":"1.0.3-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-1.1","repositories":{"stretch":"1.0.3-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.3-1.1","repositories":{"sid":"1.0.3-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3216":{"debianbug":489988,"scope":"local","description":"The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"1.001.dfsg1-2","repositories":{"buster":"1.001.dfsg1-9"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.001.dfsg1-2","repositories":{"stretch":"1.001.dfsg1-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.001.dfsg1-2","repositories":{"jessie":"1.001.dfsg1-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.001.dfsg1-2","repositories":{"sid":"1.001.dfsg1-9"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0785":{"debianbug":655553,"releases":{"jessie":{"fixed_version":"1.25-1","repositories":{"jessie":"1.29-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-8026":{"scope":"remote","description":"Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.2.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.0-2+deb8u1","repositories":{"jessie":"1.1.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-EA2D06":{"releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.2.5-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.1.0-2+deb8u1","repositories":{"jessie":"1.1.0-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-3534":{"debianbug":685969,"scope":"remote","description":"GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.","releases":{"stretch":{"fixed_version":"2:3.0.2-3","repositories":{"stretch":"2:3.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:3.0.2-3","repositories":{"jessie":"2:3.6-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5711":{"debianbug":887485,"scope":"remote","description":"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.","releases":{"buster":{"fixed_version":"2.2.5-4.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u3","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u12","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.5-4.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3996":{"debianbug":443456,"scope":"remote","description":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0941":{"scope":"remote","description":"Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.","releases":{"buster":{"fixed_version":"2.0.33-1.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.33-1.1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.33-1.1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.33-1.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7127":{"scope":"remote","description":"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7568":{"debianbug":839659,"scope":"remote","description":"Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.","releases":{"buster":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u7","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7126":{"scope":"remote","description":"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2497":{"debianbug":744719,"scope":"remote","description":"The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.","releases":{"buster":{"fixed_version":"2.1.0-4","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0-4","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1.0-4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1.0-4","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-6977":{"debianbug":920645,"scope":"remote","description":"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.","releases":{"buster":{"fixed_version":"2.2.5-5.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u4","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u12","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.5-5.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5120":{"scope":"remote","description":"gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1000222":{"debianbug":906886,"scope":"remote","description":"Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.","releases":{"buster":{"fixed_version":"2.2.5-4.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u3","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u12","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.5-4.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-6978":{"debianbug":920728,"scope":"remote","description":"The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.","releases":{"buster":{"fixed_version":"2.2.5-5.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u4","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u12","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.5-5.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6912":{"scope":"remote","description":"Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6911":{"debianbug":840806,"scope":"remote","description":"The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.","releases":{"buster":{"fixed_version":"2.2.3-87-gd0fec80-2","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.3-87-gd0fec80-2","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u7","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.3-87-gd0fec80-2","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3473":{"scope":"remote","description":"The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3472":{"scope":"remote","description":"Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3478":{"scope":"remote","description":"Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3477":{"debianbug":601525,"scope":"remote","description":"The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3476":{"debianbug":601525,"scope":"remote","description":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3475":{"scope":"remote","description":"The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5498":{"scope":"remote","description":"Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5-5.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8877":{"scope":"remote","description":"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u3","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0990":{"scope":"remote","description":"Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.","releases":{"buster":{"fixed_version":"2.0.30-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.30-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.30-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.30-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9933":{"debianbug":849038,"scope":"remote","description":"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u8","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0601525-BEBB65":{"debianbug":601525,"releases":{"buster":{"fixed_version":"2.0.35.dfsg-3","repositories":{"buster":"2.2.5-5.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-3","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-3","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-3","repositories":{"sid":"2.2.5-5.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-3074":{"debianbug":822242,"scope":"remote","description":"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.1.1-4.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.1-4.1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1.1-4.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6905":{"scope":"remote","description":"The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7890":{"debianbug":869263,"scope":"remote","description":"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.","releases":{"buster":{"fixed_version":"2.2.5-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u10","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.5-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6362":{"scope":"remote","description":"Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.","releases":{"buster":{"fixed_version":"2.2.5-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-2+deb9u2","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u11","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.5-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6906":{"scope":"remote","description":"The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8874":{"debianbug":824627,"scope":"remote","description":"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u3","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1001":{"scope":"remote","description":"Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.","releases":{"buster":{"fixed_version":"2.0.33-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.33-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.33-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.33-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-8670":{"debianbug":840805,"scope":"remote","description":"Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.","releases":{"buster":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u7","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.3-87-gd0fec80-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2445":{"scope":"remote","description":"The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9709":{"debianbug":835032,"scope":"remote","description":"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.","releases":{"buster":{"fixed_version":"2.1.0-5","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.0-5","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.0-5","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10168":{"scope":"remote","description":"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10167":{"scope":"remote","description":"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6214":{"scope":"remote","description":"gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10166":{"scope":"remote","description":"Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6132":{"debianbug":829694,"scope":"remote","description":"The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3546":{"debianbug":552534,"scope":"remote","description":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.0.36~rc1~dfsg-3.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.36~rc1~dfsg-3.1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.36~rc1~dfsg-3.1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.36~rc1~dfsg-3.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-5766":{"debianbug":829014,"scope":"remote","description":"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5767":{"scope":"remote","description":"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.","releases":{"buster":{"fixed_version":"2.0.34~rc1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.34~rc1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.34~rc1-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.34~rc1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6161":{"scope":"remote","description":"The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0455":{"debianbug":408982,"scope":"remote","description":"Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2756":{"debianbug":425584,"scope":"remote","description":"The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.","releases":{"buster":{"fixed_version":"2.0.35.dfsg-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.35.dfsg-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.35.dfsg-1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.35.dfsg-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-2906":{"debianbug":372912,"scope":"remote","description":"The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.","releases":{"buster":{"fixed_version":"2.0.33-5","repositories":{"buster":"2.2.5-5.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.33-5","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.33-5","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.33-5","repositories":{"sid":"2.2.5-5.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9317":{"scope":"remote","description":"The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u9","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4484":{"debianbug":384838,"scope":"remote","description":"Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.","releases":{"buster":{"fixed_version":"2.0.33-5.1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.33-5.1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.33-5.1","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.33-5.1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-6128":{"debianbug":829062,"scope":"remote","description":"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.","releases":{"buster":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-29-g3c2b605-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5116":{"scope":"remote","description":"gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u4","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6207":{"scope":"remote","description":"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.2-43-g22cba39-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-43-g22cba39-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u6","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.2-43-g22cba39-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7456":{"scope":"remote","description":"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.","releases":{"buster":{"fixed_version":"2.1.1-1","repositories":{"buster":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.1-1","repositories":{"stretch-security":"2.2.4-2+deb9u4","stretch":"2.2.4-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-5+deb8u3","repositories":{"jessie":"2.1.0-5+deb8u11","jessie-security":"2.1.0-5+deb8u12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.1-1","repositories":{"sid":"2.2.5-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-1BAE4D":{"releases":{"buster":{"fixed_version":"3.4.14-1","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.4.14-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"3.4.14-1","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0282":{"scope":"remote","description":"GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1573":{"scope":"remote","description":"gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.","releases":{"buster":{"fixed_version":"3.0.17-2","repositories":{"buster":"3.6.6-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0.17-2","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0.17-2","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0.17-2","repositories":{"sid":"3.6.7-3"},"urgency":"high","status":"resolved"}}}}
{"CVE-2014-3466":{"scope":"remote","description":"Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.","releases":{"buster":{"fixed_version":"3.2.15-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.15-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.15-1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.15-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7507":{"debianbug":864560,"scope":"remote","description":"GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.","releases":{"buster":{"fixed_version":"3.5.8-6","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-5+deb9u1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u6","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.8-6","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"buster":{"fixed_version":"3.3.8-5","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.8-5","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.8-5","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3389":{"debianbug":645881,"scope":"remote","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","releases":{"buster":{"repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-7869":{"scope":"remote","description":"GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.","releases":{"buster":{"fixed_version":"3.5.8-4","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.8-4","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7444":{"scope":"remote","description":"The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.","releases":{"buster":{"fixed_version":"3.5.3-4","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.3-4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u4","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.3-4","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3465":{"scope":"remote","description":"The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.","releases":{"buster":{"fixed_version":"3.2.10-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.10-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.10-1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.10-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0092":{"scope":"remote","description":"lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.","releases":{"buster":{"fixed_version":"3.2.11-2","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.11-2","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.11-2","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.11-2","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4456":{"scope":"remote","description":"The \"GNUTLS_KEYLOGFILE\" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.","releases":{"buster":{"fixed_version":"3.4.13-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.13-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.4.13-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10846":{"scope":"local","description":"A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.","releases":{"buster":{"fixed_version":"3.5.19-1","repositories":{"buster":"3.6.6-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-5+deb9u4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.3.30-0+deb8u1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.5.19-1","repositories":{"sid":"3.6.7-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-16868":{"scope":"local","description":"A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.","releases":{"buster":{"fixed_version":"3.6.5-2","repositories":{"buster":"3.6.6-2"},"urgency":"low**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"low**","status":"open"},"jessie":{"nodsa":"Minor issue - https://lists.debian.org/debian-lts/2019/03/msg00021.html","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.6.5-2","repositories":{"sid":"3.6.7-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-10845":{"scope":"remote","description":"It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.","releases":{"buster":{"fixed_version":"3.5.19-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-5+deb9u4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.30-0+deb8u1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.19-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8155":{"scope":"remote","description":"GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10844":{"scope":"remote","description":"It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.","releases":{"buster":{"fixed_version":"3.5.19-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-5+deb9u4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.30-0+deb8u1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.19-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3829":{"scope":"remote","description":"A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.","releases":{"buster":{"repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.7-2","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7575":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.","releases":{"buster":{"fixed_version":"3.3.15-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.15-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u3","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.15-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0390":{"scope":"remote","description":"The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.","releases":{"buster":{"fixed_version":"3.0.11-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.11-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.11-1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.11-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0294":{"debianbug":779428,"releases":{"buster":{"fixed_version":"3.3.8-6","repositories":{"buster":"3.6.6-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.3.8-6","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.3.8-6","repositories":{"sid":"3.6.7-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-1663":{"scope":"remote","description":"Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.","releases":{"buster":{"fixed_version":"3.0.14-1","repositories":{"buster":"3.6.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.14-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.14-1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.14-1","repositories":{"sid":"3.6.7-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1959":{"scope":"remote","description":"lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.","releases":{"buster":{"fixed_version":"3.2.11-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.11-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.11-1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.11-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5337":{"scope":"remote","description":"Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.","releases":{"buster":{"fixed_version":"3.5.8-1","repositories":{"buster":"3.6.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.5.8-1","repositories":{"sid":"3.6.7-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-5138":{"scope":"remote","description":"GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8564":{"debianbug":769154,"scope":"remote","description":"The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.","releases":{"buster":{"fixed_version":"3.3.8-4","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.8-4","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-4","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.8-4","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0169":{"debianbug":699885,"scope":"remote","description":"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.","releases":{"buster":{"fixed_version":"3.0.22-3","repositories":{"buster":"3.6.6-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.0.22-3","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.0.22-3","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0.22-3","repositories":{"sid":"3.6.7-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5335":{"scope":"remote","description":"The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.","releases":{"buster":{"fixed_version":"3.5.8-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.5.8-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4466":{"scope":"remote","description":"Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5336":{"scope":"remote","description":"Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.","releases":{"buster":{"fixed_version":"3.5.8-1","repositories":{"buster":"3.6.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.5.8-1","repositories":{"sid":"3.6.7-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4487":{"scope":"remote","description":"Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.  NOTE: this issue is due to an incomplete fix for CVE-2013-4466.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-3836":{"scope":"remote","description":"It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.","releases":{"buster":{"repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.7-2","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5334":{"scope":"remote","description":"Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.","releases":{"buster":{"fixed_version":"3.5.8-1","repositories":{"buster":"3.6.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.5.8-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u5","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.5.8-1","repositories":{"sid":"3.6.7-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3308":{"debianbug":782776,"scope":"remote","description":"Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.","releases":{"buster":{"fixed_version":"3.3.8-7","repositories":{"buster":"3.6.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.3.8-7","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u1","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.3.8-7","repositories":{"sid":"3.6.7-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6251":{"debianbug":795068,"scope":"remote","description":"Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.","releases":{"buster":{"fixed_version":"3.3.17-1","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.17-1","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-6+deb8u2","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.17-1","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1619":{"scope":"remote","description":"The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.","releases":{"buster":{"fixed_version":"3.0.22-3","repositories":{"buster":"3.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.22-3","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.22-3","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.22-3","repositories":{"sid":"3.6.7-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8313":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.8-5+deb9u1","stretch":"3.5.8-5+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.8-6+deb8u7","jessie-security":"3.3.30-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-7572":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7573":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7574":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7638":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7635":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7636":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7637":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7575":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7576":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-2888":{"debianbug":878264,"scope":"remote","description":"An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-7577":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-7578":{"debianbug":924609,"scope":"remote","description":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.","releases":{"buster":{"repositories":{"buster":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.15+dfsg1-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.2.15-10+deb8u1","repositories":{"jessie":"1.2.15-10","jessie-security":"1.2.15-10+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.2.15+dfsg2-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-10775":{"debianbug":898135,"scope":"remote","description":"NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.","releases":{"buster":{"repositories":{"buster":"6.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.12-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-10774":{"debianbug":898135,"scope":"remote","description":"Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.","releases":{"buster":{"repositories":{"buster":"6.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.12-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-10773":{"debianbug":898135,"scope":"remote","description":"NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.","releases":{"buster":{"repositories":{"buster":"6.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.12-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.12-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3444":{"debianbug":570068,"scope":"remote","description":"Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.","releases":{"buster":{"fixed_version":"0.10.0-2","repositories":{"buster":"0.11.0+repack-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.10.0-2","repositories":{"stretch":"0.11.0+repack-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.10.0-2","repositories":{"jessie":"0.11.0+repack-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.10.0-2","repositories":{"sid":"0.11.0+repack-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1176":{"debianbug":663189,"scope":"remote","description":"Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence.","releases":{"buster":{"fixed_version":"0.11.0-1","repositories":{"buster":"0.11.0+repack-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.11.0-1","repositories":{"stretch":"0.11.0+repack-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.11.0-1","repositories":{"jessie":"0.11.0+repack-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.11.0-1","repositories":{"sid":"0.11.0+repack-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4021":{"debianbug":773747,"scope":"remote","description":"The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \\xa3\\x03 string.","releases":{"buster":{"fixed_version":"0.31-0.1","repositories":{"buster":"0.33-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.31-0.1","repositories":{"stretch":"0.31-0.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.28-1+deb8u1","repositories":{"jessie":"0.28-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.31-0.1","repositories":{"sid":"0.33-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0842":{"debianbug":659296,"releases":{"buster":{"fixed_version":"0.4.1-6","repositories":{"buster":"2.0+git20181009-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.4.1-6","repositories":{"stretch":"0.7-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.4.1-6","repositories":{"jessie":"0.6-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.4.1-6","repositories":{"sid":"2.0+git20181009-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"buster":{"repositories":{"buster":"2.0+git20181009-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.7-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.6-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.0+git20181009-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-4552":{"debianbug":694810,"scope":"remote","description":"Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.","releases":{"buster":{"fixed_version":"1.8.5-6","repositories":{"buster":"1.8.5-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.5-6","repositories":{"stretch":"1.8.5-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.5-6","repositories":{"jessie":"1.8.5-7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.5-6","repositories":{"sid":"1.8.5-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4620":{"debianbug":654785,"scope":"remote","description":"Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.8.5-5.1","repositories":{"buster":"1.8.5-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.5-5.1","repositories":{"stretch":"1.8.5-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.5-5.1","repositories":{"jessie":"1.8.5-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.5-5.1","repositories":{"sid":"1.8.5-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1158":{"scope":"local","description":"Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.","releases":{"buster":{"fixed_version":"3.6p1-1","repositories":{"buster":"3.7p3-14"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.6p1-1","repositories":{"stretch":"3.7p3-14~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.6p1-1","repositories":{"jessie":"3.7p3-13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.6p1-1","repositories":{"sid":"3.7p3-14"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1159":{"scope":"remote","description":"Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.","releases":{"buster":{"fixed_version":"3.6p1-1","repositories":{"buster":"3.7p3-14"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6p1-1","repositories":{"stretch":"3.7p3-14~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6p1-1","repositories":{"jessie":"3.7p3-13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6p1-1","repositories":{"sid":"3.7p3-14"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0901":{"scope":"remote","description":"Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.","releases":{"buster":{"fixed_version":"2.4.0b6-1","repositories":{"buster":"1:3.5.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.0b6-1","repositories":{"stretch":"1:3.3.9-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.0b6-1","repositories":{"jessie":"1:3.3.6-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.0b6-1","repositories":{"sid":"1:3.5.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10730":{"scope":"local","description":"An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.","releases":{"buster":{"repositories":{"buster":"1:3.5.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:3.3.9-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:3.3.6-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:3.5.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10729":{"scope":"local","description":"An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The \"runtar\" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.","releases":{"buster":{"repositories":{"buster":"1:3.5.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:3.3.9-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:3.3.6-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:3.5.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3085":{"scope":"remote","description":"The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to \"stack manipulation\" issues.","releases":{"buster":{"fixed_version":"0.8.D-1","repositories":{"buster":"1.22.1+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.8.D-1","repositories":{"stretch":"0.9.41+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.8.D-1","repositories":{"jessie":"0.9.36.4-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.8.D-1","repositories":{"sid":"1.22.1+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-1405":{"scope":"remote","description":"CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.","releases":{"buster":{"fixed_version":"2.8.4.1b-4","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.4.1b-4","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.4.1b-4","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3120":{"debianbug":334423,"scope":"remote","description":"Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.","releases":{"buster":{"fixed_version":"2.8.5-2sarge1","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2.8.5-2sarge1","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2.8.5-2sarge1","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"high","status":"resolved"}}}}
{"CVE-2005-2929":{"scope":"remote","description":"Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0532514-9137E0":{"debianbug":520324,"releases":{"buster":{"fixed_version":"2.8.7rel.1-1","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.8.7rel.1-1","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.8.7rel.1-1","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000211":{"scope":"remote","description":"Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.","releases":{"buster":{"fixed_version":"2.8.9dev16-1","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.9dev16-1","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1617":{"debianbug":296340,"scope":"remote","description":"Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme.  NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.","releases":{"buster":{"fixed_version":"2.8.5-2sarge1.2","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.8.5-2sarge1.2","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.8.5-2sarge1.2","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-7234":{"scope":"local","description":"Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4690":{"scope":"remote","description":"lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929.  NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9179":{"debianbug":843258,"scope":"remote","description":"lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.","releases":{"buster":{"fixed_version":"2.8.9dev11-1","repositories":{"buster":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.9dev11-1","repositories":{"stretch":"2.8.9dev11-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.9dev11-1","repositories":{"sid":"2.8.9rel.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2954":{"debianbug":488630,"scope":"remote","description":"client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.","releases":{"stretch":{"fixed_version":"1.0.1-2","repositories":{"stretch":"1.1.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-2","repositories":{"jessie":"1.1.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2953":{"debianbug":488630,"scope":"remote","description":"Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via \"partial file list requests\" that trigger a NULL pointer dereference.","releases":{"stretch":{"fixed_version":"1.0.1-2","repositories":{"stretch":"1.1.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-2","repositories":{"jessie":"1.1.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20721":{"scope":"remote","description":"URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a \"//[::44.1\" address.","releases":{"buster":{"fixed_version":"0.9.1-1","repositories":{"buster":"0.9.1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.8.4-1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.8.0.1-2+deb8u2","repositories":{"jessie":"0.8.0.1-2","jessie-security":"0.8.0.1-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.1-1","repositories":{"sid":"0.9.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19200":{"debianbug":913817,"scope":"remote","description":"An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"0.9.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.4-1+deb9u1","repositories":{"stretch":"0.8.4-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.0.1-2+deb8u1","repositories":{"jessie":"0.8.0.1-2","jessie-security":"0.8.0.1-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"0.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19199":{"debianbug":913817,"scope":"remote","description":"An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"0.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.4-1+deb9u1","repositories":{"stretch":"0.8.4-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.0.1-2+deb8u1","repositories":{"jessie":"0.8.0.1-2","jessie-security":"0.8.0.1-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"0.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19198":{"debianbug":913817,"scope":"remote","description":"An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"0.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.4-1+deb9u1","repositories":{"stretch":"0.8.4-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.0.1-2+deb8u1","repositories":{"jessie":"0.8.0.1-2","jessie-security":"0.8.0.1-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"0.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10030":{"debianbug":850491,"scope":"remote","description":"The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 (\"success\") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.","releases":{"buster":{"fixed_version":"16.05.8-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"16.05.8-1","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"14.03.9-5+deb8u1","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"16.05.8-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10995":{"debianbug":900548,"scope":"remote","description":"SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).","releases":{"buster":{"fixed_version":"17.11.7-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"16.05.9-1+deb9u2","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"14.03.9-5+deb8u3","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"17.11.7-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15566":{"debianbug":880530,"scope":"local","description":"Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.","releases":{"buster":{"fixed_version":"17.02.9-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"16.05.9-1+deb9u1","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"17.02.9-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-7033":{"debianbug":893044,"scope":"remote","description":"SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.","releases":{"buster":{"fixed_version":"17.11.5-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"16.05.9-1+deb9u2","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"14.03.9-5+deb8u3","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"17.11.5-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2084":{"debianbug":524980,"scope":"local","description":"Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.","releases":{"buster":{"fixed_version":"1.3.15-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.15-1","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.15-1","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.15-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0128":{"debianbug":511511,"scope":"remote","description":"plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.","releases":{"buster":{"fixed_version":"1.3.13-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.13-1","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.13-1","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.13-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3380":{"debianbug":602340,"scope":"local","description":"The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"2.1.15-2","repositories":{"buster":"18.08.5.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.15-2","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.15-2","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.15-2","repositories":{"sid":"18.08.6.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6438":{"debianbug":920997,"scope":"remote","description":"SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.","releases":{"buster":{"fixed_version":"18.08.5.2-1","repositories":{"buster":"18.08.5.2-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"16.05.9-1+deb9u2","stretch":"16.05.9-1+deb9u2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"14.03.9-5+deb8u2","jessie-security":"14.03.9-5+deb8u4"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"18.08.5.2-1","repositories":{"sid":"18.08.6.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7861":{"debianbug":860316,"scope":"remote","description":"Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.","releases":{"buster":{"fixed_version":"1.2.5-1+nmu0","repositories":{"buster":"1.16.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1+nmu0","repositories":{"sid":"1.16.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7860":{"debianbug":860316,"scope":"remote","description":"Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.","releases":{"buster":{"fixed_version":"1.2.5-1+nmu0","repositories":{"buster":"1.16.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1+nmu0","repositories":{"sid":"1.16.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-8359":{"scope":"remote","description":"Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.","releases":{"buster":{"fixed_version":"1.3.2-0.1","repositories":{"buster":"1.16.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.2-0.1","repositories":{"sid":"1.16.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9431":{"debianbug":864210,"scope":"remote","description":"Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.","releases":{"buster":{"fixed_version":"1.3.2-0.1","repositories":{"buster":"1.16.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.2-0.1","repositories":{"sid":"1.16.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-17142":{"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a \"panic: runtime error\" in parseCurrentToken in parse.go during an html.Parse call.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17143":{"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a \"panic: runtime error\" in inBodyIM in parse.go during an html.Parse call.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17075":{"scope":"remote","description":"The html package (aka x/net/html) before 2018-07-13 in Go mishandles \"in frameset\" insertion mode, leading to a \"panic: runtime error\" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17847":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg><\/template>, leading to a \"panic: runtime error\" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.","releases":{"buster":{"repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"medium**","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:0.0+git20181201.351d144+dfsg-3","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17848":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b><\/template>, leading to a \"panic: runtime error\" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.","releases":{"buster":{"repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"medium**","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:0.0+git20181201.351d144+dfsg-3","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17846":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select><\/table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.","releases":{"buster":{"repositories":{"buster":"1:0.0+git20181201.351d144+dfsg-2"},"urgency":"medium**","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:0.0+git20161013.8b4af36+dfsg-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:0.0+git20181201.351d144+dfsg-3","repositories":{"sid":"1:0.0+git20181201.351d144+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3215":{"debianbug":429179,"scope":"remote","description":"PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.","releases":{"buster":{"fixed_version":"1.73-4","repositories":{"buster":"6.0.6-0.1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.73-4","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.73-4","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.73-4","repositories":{"sid":"6.0.6-0.1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-19296":{"debianbug":913912,"scope":"remote","description":"PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.","releases":{"buster":{"fixed_version":"5.2.14+dfsg-2.4","repositories":{"buster":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.14+dfsg-2.3+deb9u1","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.9+dfsg-2+deb8u4","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.14+dfsg-2.4","repositories":{"sid":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1807":{"scope":"remote","description":"The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.","releases":{"buster":{"fixed_version":"1.73","repositories":{"buster":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.73","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.73","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.73","repositories":{"sid":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5223":{"debianbug":853232,"scope":"local","description":"An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.","releases":{"buster":{"fixed_version":"5.2.14+dfsg-2.3","repositories":{"buster":"6.0.6-0.1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.2.14+dfsg-2.3","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.2.9+dfsg-2+deb8u4","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.2.14+dfsg-2.3","repositories":{"sid":"6.0.6-0.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8476":{"debianbug":807265,"scope":"remote","description":"Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.","releases":{"buster":{"fixed_version":"5.2.14+dfsg-1","repositories":{"buster":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.14+dfsg-1","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.9+dfsg-2+deb8u1","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.14+dfsg-1","repositories":{"sid":"6.0.6-0.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10045":{"scope":"remote","description":"The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.0.6-0.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.6-0.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10033":{"debianbug":849365,"scope":"remote","description":"The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted Sender property.","releases":{"buster":{"fixed_version":"5.2.14+dfsg-2.1","repositories":{"buster":"6.0.6-0.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2.14+dfsg-2.1","repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2.9+dfsg-2+deb8u2","repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2.14+dfsg-2.1","repositories":{"sid":"6.0.6-0.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11503":{"scope":"remote","description":"PHPMailer 5.2.23 has XSS in the \"From Email Address\" and \"To Email Address\" fields of code_generator.php.","releases":{"buster":{"repositories":{"buster":"6.0.6-0.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.2.14+dfsg-2.3+deb9u1","stretch":"5.2.14+dfsg-2.3+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.2.9+dfsg-2+deb8u3","jessie-security":"5.2.9+dfsg-2+deb8u5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"6.0.6-0.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-3769":{"debianbug":903086,"scope":"remote","description":"ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via \"format\" parameter.","releases":{"buster":{"fixed_version":"1.1.0-1","repositories":{"buster":"1.1.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.16.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.0-1","repositories":{"sid":"1.1.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0360":{"scope":"remote","description":"file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a \"same root name but with a suffix\" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.","releases":{"buster":{"fixed_version":"4.2.1-2","repositories":{"buster":"5.0.4-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.2.1-2","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.4.0-3+deb8u3","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.2.1-2","repositories":{"sid":"5.0.4-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0215":{"scope":"remote","description":"model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.","releases":{"buster":{"fixed_version":"2.2.2-1","repositories":{"buster":"5.0.4-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.2-1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.2.2-1","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.2-1","repositories":{"sid":"5.0.4-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-2238":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.0.4-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.0.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6633":{"scope":"remote","description":"The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.","releases":{"buster":{"fixed_version":"3.2.3-1","repositories":{"buster":"5.0.4-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.2.3-1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.2.3-1","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.2.3-1","repositories":{"sid":"5.0.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1242":{"scope":"remote","description":"file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.","releases":{"buster":{"fixed_version":"4.0.4-1","repositories":{"buster":"5.0.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.4-1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.0-3+deb8u2","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.4-1","repositories":{"sid":"5.0.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0861":{"scope":"remote","description":"model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.","releases":{"buster":{"fixed_version":"3.8.1-1","repositories":{"buster":"5.0.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.8.1-1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.0-3+deb8u1","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.8.1-1","repositories":{"sid":"5.0.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10868":{"scope":"remote","description":"In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.","releases":{"buster":{"fixed_version":"5.0.4-2","repositories":{"buster":"5.0.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.1-2+deb9u1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.0.4-2","repositories":{"sid":"5.0.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1241":{"scope":"remote","description":"Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.","releases":{"buster":{"fixed_version":"4.0.4-1","repositories":{"buster":"5.0.4-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.0.4-1","repositories":{"stretch-security":"4.2.1-2+deb9u1","stretch":"4.2.1-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.4.0-3+deb8u2","repositories":{"jessie":"3.4.0-3+deb8u3","jessie-security":"3.4.0-3+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.0.4-1","repositories":{"sid":"5.0.4-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-6789":{"debianbug":890000,"scope":"remote","description":"An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.","releases":{"buster":{"fixed_version":"4.90.1-1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.89-2+deb9u3","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.84.2-2+deb8u5","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.90.1-1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2957":{"scope":"remote","description":"The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.","releases":{"buster":{"fixed_version":"4.82.1-1","repositories":{"buster":"4.92-7"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.82.1-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.82.1-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.82.1-1","repositories":{"sid":"4.92-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0017":{"scope":"local","description":"The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"4.72-4","repositories":{"buster":"4.92-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.72-4","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.72-4","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.72-4","repositories":{"sid":"4.92-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0399":{"scope":"remote","description":"Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.","releases":{"buster":{"fixed_version":"4.33-1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.33-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.33-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.33-1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1764":{"debianbug":624670,"scope":"remote","description":"Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.","releases":{"buster":{"fixed_version":"4.75-3","repositories":{"buster":"4.92-7"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"4.75-3","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"4.75-3","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"4.75-3","repositories":{"sid":"4.92-7"},"urgency":"high","status":"resolved"}}}}
{"CVE-2011-1407":{"scope":"remote","description":"The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.","releases":{"buster":{"fixed_version":"4.76-1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.76-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.76-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.76-1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0021":{"debianbug":290036,"scope":"local","description":"Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.","releases":{"buster":{"fixed_version":"4.34-10","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.34-10","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.34-10","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.34-10","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1381":{"scope":"local","description":"Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.","releases":{"buster":{"fixed_version":"4.11-0.0.1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.11-0.0.1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.11-0.0.1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.11-0.0.1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0400":{"scope":"remote","description":"Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.","releases":{"buster":{"fixed_version":"4.33-1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.33-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.33-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.33-1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0022":{"scope":"local","description":"Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.","releases":{"buster":{"fixed_version":"4.34-10","repositories":{"buster":"4.92-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.34-10","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.34-10","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.34-10","repositories":{"sid":"4.92-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2972":{"scope":"local","description":"expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.","releases":{"buster":{"fixed_version":"4.82.1-2","repositories":{"buster":"4.92-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.82.1-2","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.82.1-2","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.82.1-2","repositories":{"sid":"4.92-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9963":{"scope":"remote","description":"Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.","releases":{"buster":{"fixed_version":"4.88~RC6-2","repositories":{"buster":"4.92-7"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.88~RC6-2","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.84.2-2+deb8u2","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.88~RC6-2","repositories":{"sid":"4.92-7"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-4345":{"debianbug":606527,"scope":"local","description":"Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.","releases":{"buster":{"fixed_version":"4.72-3","repositories":{"buster":"4.92-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.72-3","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.72-3","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.72-3","repositories":{"sid":"4.92-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1531":{"scope":"local","description":"Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.","releases":{"buster":{"fixed_version":"4.86.2-1","repositories":{"buster":"4.92-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.86.2-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.84.2-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.86.2-1","repositories":{"sid":"4.92-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2023":{"scope":"local","description":"transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.","releases":{"buster":{"fixed_version":"4.72-1","repositories":{"buster":"4.92-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.72-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.72-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.72-1","repositories":{"sid":"4.92-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4344":{"debianbug":606612,"scope":"remote","description":"Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.","releases":{"buster":{"fixed_version":"4.70-1","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.70-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.70-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.70-1","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2024":{"scope":"local","description":"transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.","releases":{"buster":{"fixed_version":"4.72-1","repositories":{"buster":"4.92-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.72-1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.72-1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.72-1","repositories":{"sid":"4.92-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-1000369":{"scope":"local","description":"Exim supports the use of multiple \"-p\" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.","releases":{"buster":{"fixed_version":"4.89-3","repositories":{"buster":"4.92-7"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.89-2+deb9u1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.84.2-2+deb8u4","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.89-3","repositories":{"sid":"4.92-7"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-5671":{"scope":"remote","description":"Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server.","releases":{"buster":{"fixed_version":"4.80-5.1","repositories":{"buster":"4.92-7"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.80-5.1","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.80-5.1","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.80-5.1","repositories":{"sid":"4.92-7"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-16943":{"debianbug":882648,"scope":"remote","description":"The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.","releases":{"buster":{"fixed_version":"4.89-12","repositories":{"buster":"4.92-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.89-2+deb9u2","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.89-12","repositories":{"sid":"4.92-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-16944":{"debianbug":882671,"scope":"remote","description":"The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.","releases":{"buster":{"fixed_version":"4.89-13","repositories":{"buster":"4.92-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.89-2+deb9u2","repositories":{"stretch-security":"4.89-2+deb9u3","stretch":"4.89-2+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.84.2-2+deb8u5","jessie-security":"4.84.2-2+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.89-13","repositories":{"sid":"4.92-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2570":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.","releases":{"buster":{"repositories":{"buster":"0.3.1+dfsg-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.3.1+dfsg-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.2.2+dfsg-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.3.1+dfsg-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-1845":{"scope":"local","description":"The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.","releases":{"buster":{"fixed_version":"33.4-1","repositories":{"buster":"57-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"33.4-1","repositories":{"stretch":"54-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"33.4-1","repositories":{"jessie":"50d-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"33.4-1","repositories":{"sid":"57-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0313081-3428D4":{"debianbug":313081,"releases":{"buster":{"fixed_version":"4.2.22-1","repositories":{"buster":"4.6.0+git+20190209-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.2.22-1","repositories":{"stretch":"4.6.0+git+20161106-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.2.22-1","repositories":{"jessie":"4.4.2-9"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.2.22-1","repositories":{"sid":"4.6.0+git+20190209-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-2452":{"debianbug":426862,"scope":"remote","description":"Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.","releases":{"buster":{"fixed_version":"4.2.31-1","repositories":{"buster":"4.6.0+git+20190209-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2.31-1","repositories":{"stretch":"4.6.0+git+20161106-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2.31-1","repositories":{"jessie":"4.4.2-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2.31-1","repositories":{"sid":"4.6.0+git+20190209-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1378":{"debianbug":776502,"scope":"remote","description":"cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.","releases":{"buster":{"fixed_version":"0.68.1","repositories":{"buster":"0.88"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.68.1","repositories":{"stretch":"0.78"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.68.1","repositories":{"jessie":"0.68.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.68.1","repositories":{"sid":"0.88"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0777":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0778":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0775":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6318":{"debianbug":854804,"scope":"remote","description":"saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.","releases":{"buster":{"fixed_version":"1.0.25-4","repositories":{"buster":"1.0.27-3.2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.25-4","repositories":{"stretch":"1.0.25-4.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.24-8+deb8u2","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.25-4","repositories":{"sid":"1.0.27-3.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0776":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences.","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0773":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0774":{"scope":"remote","description":"saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.","releases":{"buster":{"fixed_version":"1.0.11-1","repositories":{"buster":"1.0.27-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.11-1","repositories":{"stretch":"1.0.25-4.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.11-1","repositories":{"jessie":"1.0.24-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.11-1","repositories":{"sid":"1.0.27-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4040":{"scope":"remote","description":"snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.","releases":{"buster":{"fixed_version":"1.3.1-2","repositories":{"buster":"1.3.2-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.3.1-2","repositories":{"stretch":"1.3.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1.1.3-25"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.3.1-2","repositories":{"sid":"1.3.2-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8165":{"scope":"remote","description":"scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.3.2-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.3.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.1.3-25"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.3.2-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4512":{"releases":{"stretch":{"repositories":{"stretch":"4:16.08.3-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-4514":{"scope":"remote","description":"rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to \"trying to reuse a frame with a null part.\"","releases":{"stretch":{"repositories":{"stretch":"4:16.08.3-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-4513":{"scope":"remote","description":"khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.","releases":{"stretch":{"repositories":{"stretch":"4:16.08.3-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-4515":{"scope":"remote","description":"Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.","releases":{"stretch":{"repositories":{"stretch":"4:16.08.3-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"stretch":{"repositories":{"stretch":"4:16.08.3-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-2285":{"scope":"local","description":"The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.11-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1046":{"debianbug":355797,"scope":"remote","description":"server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output.","releases":{"buster":{"fixed_version":"0.9.3-2","repositories":{"buster":"0.10.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.3-2","repositories":{"stretch":"0.10.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.3-2","repositories":{"jessie":"0.9.7-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.3-2","repositories":{"sid":"0.10.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0841":{"debianbug":781043,"releases":{"buster":{"repositories":{"buster":"0.10.2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.10.2-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.7-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.10.2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-4012":{"scope":"remote","description":"Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.1.13-1","repositories":{"buster":"0.1.28-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.1.13-1","repositories":{"stretch":"0.1.26-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.1.13-1","repositories":{"jessie":"0.1.21-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.1.13-1","repositories":{"sid":"0.1.28-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20455":{"scope":"remote","description":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.","releases":{"buster":{"fixed_version":"3.1.2+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.2+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20457":{"debianbug":917322,"scope":"remote","description":"In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459.","releases":{"buster":{"fixed_version":"3.2.1+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.2.1+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11380":{"scope":"remote","description":"The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11381":{"scope":"remote","description":"The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20456":{"scope":"remote","description":"In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.","releases":{"buster":{"fixed_version":"3.1.2+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.2+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20459":{"debianbug":917322,"scope":"remote","description":"In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20457.","releases":{"buster":{"fixed_version":"3.2.1+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.2.1+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20458":{"scope":"remote","description":"In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.","releases":{"buster":{"fixed_version":"3.1.2+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.2+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6319":{"debianbug":856579,"scope":"remote","description":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-3","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-3","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0+dfsg-3","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9949":{"debianbug":866068,"scope":"remote","description":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11379":{"scope":"remote","description":"The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15368":{"debianbug":878767,"scope":"remote","description":"The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11375":{"scope":"remote","description":"The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11376":{"scope":"remote","description":"The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.10.5+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.10.5+dfsg-1","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.10.5+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11377":{"scope":"remote","description":"The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11378":{"scope":"remote","description":"The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6197":{"debianbug":856063,"scope":"remote","description":"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-2","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-2","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.0+dfsg-2","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6194":{"debianbug":859448,"scope":"remote","description":"The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-4","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-4","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0+dfsg-4","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6448":{"debianbug":859447,"scope":"remote","description":"The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-4","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-4","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.0+dfsg-4","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16805":{"debianbug":882134,"scope":"remote","description":"In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7854":{"scope":"remote","description":"The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14016":{"debianbug":903725,"scope":"remote","description":"The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.","releases":{"buster":{"fixed_version":"2.8.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14015":{"debianbug":903724,"scope":"remote","description":"The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.","releases":{"buster":{"fixed_version":"2.8.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14017":{"debianbug":903726,"scope":"remote","description":"The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.","releases":{"buster":{"fixed_version":"2.8.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11382":{"scope":"remote","description":"The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11383":{"scope":"remote","description":"The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11384":{"scope":"remote","description":"The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8808":{"debianbug":895752,"scope":"remote","description":"In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8809":{"debianbug":895751,"scope":"remote","description":"In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7946":{"debianbug":860962,"scope":"remote","description":"The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-5","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-5","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.0+dfsg-5","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6415":{"debianbug":856572,"scope":"remote","description":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-3","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-3","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0+dfsg-3","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9762":{"debianbug":869426,"scope":"remote","description":"The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9520":{"debianbug":864533,"scope":"remote","description":"The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9763":{"debianbug":869423,"scope":"remote","description":"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15834":{"scope":"remote","description":"In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.","releases":{"buster":{"fixed_version":"2.9.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.9.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12321":{"debianbug":901629,"scope":"remote","description":"There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.","releases":{"buster":{"fixed_version":"2.7.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.7.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10186":{"debianbug":897305,"scope":"remote","description":"In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12322":{"debianbug":901628,"scope":"remote","description":"There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.","releases":{"buster":{"fixed_version":"2.7.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.7.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-16357":{"debianbug":880620,"scope":"remote","description":"In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9761":{"debianbug":869428,"scope":"remote","description":"The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-16358":{"debianbug":880619,"scope":"remote","description":"In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16359":{"debianbug":880616,"scope":"remote","description":"In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12320":{"debianbug":901630,"scope":"remote","description":"There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.","releases":{"buster":{"fixed_version":"2.7.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.7.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10187":{"debianbug":897305,"scope":"remote","description":"In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-10929":{"debianbug":867369,"scope":"remote","description":"The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.","releases":{"buster":{"fixed_version":"1.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7716":{"scope":"remote","description":"The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15385":{"debianbug":879119,"scope":"remote","description":"The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20460":{"scope":"remote","description":"In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.","releases":{"buster":{"fixed_version":"3.1.2+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.2+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20461":{"scope":"remote","description":"In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.","releases":{"buster":{"fixed_version":"3.1.2+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.2+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6387":{"debianbug":856574,"scope":"remote","description":"The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.","releases":{"buster":{"fixed_version":"1.1.0+dfsg-3","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0+dfsg-3","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0+dfsg-3","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15932":{"debianbug":880024,"scope":"remote","description":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15931":{"debianbug":880025,"scope":"remote","description":"In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.","releases":{"buster":{"fixed_version":"2.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8810":{"debianbug":895749,"scope":"remote","description":"In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.","releases":{"buster":{"fixed_version":"2.6.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7274":{"scope":"remote","description":"The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19843":{"scope":"remote","description":"opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","releases":{"buster":{"fixed_version":"3.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19842":{"scope":"remote","description":"getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.","releases":{"buster":{"fixed_version":"3.1.0+dfsg-1","repositories":{"buster":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.0+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.9.6-3.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.1.0+dfsg-1","repositories":{"sid":"3.2.1+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0418662-DC1CF3":{"debianbug":418662,"releases":{"stretch":{"fixed_version":"3.0b2-5","repositories":{"stretch":"3.0.0-8.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0b2-5","repositories":{"jessie":"3.0.0-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0136":{"scope":"remote","description":"Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure.","releases":{"stretch":{"fixed_version":"1.4.10-2","repositories":{"stretch":"2.8.0-8"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.10-2","repositories":{"jessie":"2.8.0-2.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.10-2","repositories":{"sid":"2.9.0-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0135":{"scope":"remote","description":"Multiple integer overflows in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to execute arbitrary code via an Audible Audio (.aa) file with a large (1) nlen or (2) vlen Tag value, each of which triggers a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"1.4.10-2","repositories":{"stretch":"2.8.0-8"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.4.10-2","repositories":{"jessie":"2.8.0-2.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.4.10-2","repositories":{"sid":"2.9.0-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-6980":{"debianbug":410850,"scope":"remote","description":"The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.","releases":{"stretch":{"fixed_version":"1.4.4-4","repositories":{"stretch":"2.8.0-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4.4-4","repositories":{"jessie":"2.8.0-2.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.4-4","repositories":{"sid":"2.9.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3699":{"debianbug":494765,"scope":"local","description":"The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.","releases":{"stretch":{"fixed_version":"1.4.10-1","repositories":{"stretch":"2.8.0-8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4.10-1","repositories":{"jessie":"2.8.0-2.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.10-1","repositories":{"sid":"2.9.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6979":{"debianbug":410850,"scope":"remote","description":"The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.","releases":{"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch":"2.8.0-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"2.8.0-2.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"2.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2656":{"debianbug":325468,"scope":"local","description":"Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.","releases":{"buster":{"fixed_version":"1.0.6-9","repositories":{"buster":"1.0.6.ds2-18"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.6-9","repositories":{"stretch":"1.0.6.ds2-15"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.6-9","repositories":{"jessie":"1.0.6.ds2-13.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.6-9","repositories":{"sid":"1.0.6.ds2-18"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-9206":{"scope":"remote","description":"Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0","releases":{"buster":{"fixed_version":"9.25.0-1","repositories":{"buster":"9.25.0-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.25.0-1","repositories":{"sid":"9.25.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4567":{"debianbug":823649,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by \"jsinitfunctio%gn.\"","releases":{"buster":{"repositories":{"buster":"2.15.1+dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.15.1+dfsg-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.15.1+dfsg-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.15.1+dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-3106":{"debianbug":669196,"scope":"remote","description":"lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a \"heap overwrite\" in the _01inverse function in res0.c.  NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-1","repositories":{"buster":"1.3.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-1","repositories":{"sid":"1.3.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4029":{"debianbug":437916,"scope":"remote","description":"libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-1","repositories":{"buster":"1.3.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-1","repositories":{"sid":"1.3.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-5146":{"debianbug":893130,"scope":"remote","description":"An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.","releases":{"buster":{"fixed_version":"1.3.5-4.2","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-4+deb9u2","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.4-2+deb8u1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.5-4.2","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1420":{"debianbug":482518,"scope":"remote","description":"Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14160":{"debianbug":876780,"scope":"remote","description":"The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.","releases":{"buster":{"fixed_version":"1.3.6-2","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.6-2","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1419":{"debianbug":482518,"scope":"remote","description":"Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2663":{"debianbug":540958,"scope":"remote","description":"libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-6","repositories":{"buster":"1.3.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-6","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-6","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-6","repositories":{"sid":"1.3.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-11333":{"debianbug":870341,"scope":"remote","description":"The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.","releases":{"buster":{"fixed_version":"1.3.5-4.1","repositories":{"buster":"1.3.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.5-4+deb9u1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be revisited once fixed upstream","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.3.5-4.1","repositories":{"sid":"1.3.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3379":{"debianbug":669196,"scope":"remote","description":"Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.  NOTE: this might overlap CVE-2009-2663.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1.3.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1.3.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-14633":{"debianbug":876778,"scope":"remote","description":"In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().","releases":{"buster":{"fixed_version":"1.3.5-4.1","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-4+deb9u1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be fixed along later","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.3.5-4.1","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14632":{"debianbug":876779,"scope":"remote","description":"Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.","releases":{"buster":{"fixed_version":"1.3.5-4.1","repositories":{"buster":"1.3.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-4+deb9u1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.5-4.1","repositories":{"sid":"1.3.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2009":{"debianbug":482039,"scope":"remote","description":"Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-4","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-4","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-4","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-4","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1423":{"debianbug":482518,"scope":"remote","description":"Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"buster":"1.3.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-3.1","repositories":{"sid":"1.3.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0444":{"debianbug":664197,"scope":"remote","description":"Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.","releases":{"buster":{"fixed_version":"1.3.2-1.2","repositories":{"buster":"1.3.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1.2","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1.2","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.2-1.2","repositories":{"sid":"1.3.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4066":{"debianbug":669196,"scope":"remote","description":"Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-1","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-1","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10393":{"debianbug":876780,"scope":"remote","description":"bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.","releases":{"buster":{"fixed_version":"1.3.6-2","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.6-2","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10392":{"debianbug":876780,"scope":"remote","description":"mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"1.3.6-2","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.6-2","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4065":{"debianbug":669196,"scope":"remote","description":"lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.","releases":{"buster":{"fixed_version":"1.2.0.dfsg-1","repositories":{"buster":"1.3.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0.dfsg-1","repositories":{"stretch-security":"1.3.5-4+deb9u2","stretch":"1.3.5-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.0.dfsg-1","repositories":{"jessie":"1.3.4-2+deb8u1","jessie-security":"1.3.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.0.dfsg-1","repositories":{"sid":"1.3.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19662":{"scope":"remote","description":"An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19661":{"scope":"remote","description":"An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1788":{"debianbug":528650,"scope":"remote","description":"Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.","releases":{"buster":{"fixed_version":"1.0.20-1","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.20-1","repositories":{"stretch":"1.0.27-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.20-1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.20-1","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-4835":{"debianbug":530831,"scope":"remote","description":"The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.21-3","repositories":{"buster":"1.0.28-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.21-3","repositories":{"stretch":"1.0.27-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.21-3","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.21-3","repositories":{"sid":"1.0.28-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2696":{"scope":"remote","description":"Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.0.25-1","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.25-1","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.25-1","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7741":{"scope":"remote","description":"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.","releases":{"buster":{"fixed_version":"1.0.27-2","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-2","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.27-2","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7586":{"scope":"remote","description":"In libsndfile before 1.0.28, an error in the \"header_read()\" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.","releases":{"buster":{"fixed_version":"1.0.27-2","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-2","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.27-2","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14634":{"debianbug":876783,"scope":"remote","description":"In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7585":{"scope":"remote","description":"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.","releases":{"buster":{"fixed_version":"1.0.27-2","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-2","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.27-2","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6892":{"debianbug":864704,"scope":"remote","description":"In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.","releases":{"buster":{"fixed_version":"1.0.28-1","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.28-1","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13139":{"scope":"remote","description":"A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.","releases":{"buster":{"repositories":{"buster":"1.0.28-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.27-3"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.0.28-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-7742":{"debianbug":860255,"scope":"remote","description":"In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.","releases":{"buster":{"fixed_version":"1.0.27-3","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-3","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.27-3","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19758":{"debianbug":917416,"scope":"remote","description":"There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u3","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19432":{"debianbug":914381,"scope":"remote","description":"An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.","releases":{"buster":{"repositories":{"buster":"1.0.28-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.0.27-3"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"1.0.28-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-7805":{"debianbug":804445,"scope":"remote","description":"Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.","releases":{"buster":{"fixed_version":"1.0.25-10","repositories":{"buster":"1.0.28-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.25-10","repositories":{"stretch":"1.0.27-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.25-10","repositories":{"sid":"1.0.28-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9756":{"debianbug":804447,"scope":"remote","description":"The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.","releases":{"buster":{"fixed_version":"1.0.25-10","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.25-10","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.25-10","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0186":{"scope":"remote","description":"Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.0.19-1","repositories":{"buster":"1.0.28-6"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.19-1","repositories":{"stretch":"1.0.27-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.19-1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.19-1","repositories":{"sid":"1.0.28-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-1791":{"debianbug":528650,"scope":"remote","description":"Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.","releases":{"buster":{"fixed_version":"1.0.20-1","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.20-1","repositories":{"stretch":"1.0.27-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.20-1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.20-1","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-3832":{"debianbug":922372,"scope":"local","description":"It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.","releases":{"buster":{"fixed_version":"1.0.28-6","repositories":{"buster":"1.0.28-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.0.27-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u4","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.28-6","repositories":{"sid":"1.0.28-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-8365":{"debianbug":862202,"scope":"remote","description":"The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.27-3","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-3","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.27-3","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9496":{"debianbug":774162,"scope":"remote","description":"The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"1.0.25-9.1","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.25-9.1","repositories":{"stretch":"1.0.27-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.25-9.1","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12562":{"debianbug":869166,"scope":"remote","description":"Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"1.0.28-3","repositories":{"buster":"1.0.28-6"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.28-3","repositories":{"sid":"1.0.28-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14246":{"debianbug":876682,"scope":"remote","description":"An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-14245":{"debianbug":876682,"scope":"remote","description":"An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17456":{"debianbug":884735,"scope":"remote","description":"The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17457":{"debianbug":884735,"scope":"remote","description":"The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.","releases":{"buster":{"fixed_version":"1.0.28-5","repositories":{"buster":"1.0.28-6"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.27-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.28-5","repositories":{"sid":"1.0.28-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-16942":{"scope":"remote","description":"In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.27-1","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-1","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.27-1","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4974":{"debianbug":443386,"scope":"remote","description":"Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.","releases":{"buster":{"fixed_version":"1.0.17-4","repositories":{"buster":"1.0.28-6"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.17-4","repositories":{"stretch":"1.0.27-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.17-4","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.17-4","repositories":{"sid":"1.0.28-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-8363":{"debianbug":862203,"scope":"remote","description":"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.27-3","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-3","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.27-3","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8362":{"debianbug":862204,"scope":"remote","description":"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.27-3","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-3","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.27-3","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8361":{"debianbug":862205,"scope":"remote","description":"The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.","releases":{"buster":{"fixed_version":"1.0.27-3","repositories":{"buster":"1.0.28-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.27-3","repositories":{"stretch":"1.0.27-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.25-9.1+deb8u2","repositories":{"jessie":"1.0.25-9.1+deb8u1","jessie-security":"1.0.25-9.1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.27-3","repositories":{"sid":"1.0.28-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11552":{"debianbug":870406,"scope":"remote","description":"mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file.","releases":{"buster":{"fixed_version":"0.3.2-2","repositories":{"buster":"0.3.2-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.3.2-1.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.3.2-1.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.3.2-2","repositories":{"sid":"0.3.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0969":{"scope":"remote","description":"mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.","releases":{"buster":{"fixed_version":"0.2.10.3","repositories":{"buster":"0.3.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.10.3","repositories":{"stretch":"0.3.2-1.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.2.10.3","repositories":{"jessie":"0.3.2-1.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.2.10.3","repositories":{"sid":"0.3.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2099":{"debianbug":708530,"scope":"remote","description":"Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.","releases":{"buster":{"fixed_version":"1.6-2","repositories":{"buster":"1.24.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6-2","repositories":{"stretch":"1.19.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6-2","repositories":{"jessie":"1.9.1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6-2","repositories":{"sid":"1.24.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20060":{"scope":"remote","description":"urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.","releases":{"buster":{"fixed_version":"1.24-1","repositories":{"buster":"1.24.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.19.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.9.1-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.24-1","repositories":{"sid":"1.24.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11236":{"debianbug":927172,"scope":"remote","description":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","releases":{"buster":{"repositories":{"buster":"1.24.1-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.19.1-1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.9.1-3"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1.24.1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11324":{"debianbug":927412,"scope":"remote","description":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","releases":{"buster":{"repositories":{"buster":"1.24.1-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.19.1-1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"1.24.1-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-9015":{"scope":"remote","description":"Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.24.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.19.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.1-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.24.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1410":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.","releases":{"buster":{"fixed_version":"0.11.0-1","repositories":{"buster":"4.1-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.11.0-1","repositories":{"stretch":"4.1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.11.0-1","repositories":{"jessie":"1.2-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.11.0-1","repositories":{"sid":"4.1-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4776":{"debianbug":503916,"scope":"remote","description":"libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.","releases":{"buster":{"fixed_version":"0.6.0.2-3","repositories":{"buster":"4.1-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.0.2-3","repositories":{"stretch":"4.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.0.2-3","repositories":{"jessie":"1.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.0.2-3","repositories":{"sid":"4.1-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0398":{"scope":"remote","description":"Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.","releases":{"buster":{"fixed_version":"0.22.1-3","repositories":{"buster":"0.23.3-2.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.22.1-3","repositories":{"stretch":"0.23.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.22.1-3","repositories":{"jessie":"0.23.3-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.22.1-3","repositories":{"sid":"0.23.3-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"repositories":{"buster":"0.23.3-2.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.23.3-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.23.3-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.23.3-2.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"repositories":{"buster":"0.23.3-2.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.23.3-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.23.3-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.23.3-2.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-0666":{"debianbug":463907,"scope":"local","description":"Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.","releases":{"buster":{"fixed_version":"2.0.11-3.1","repositories":{"buster":"2.12.2~ds1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.11-3.1","repositories":{"stretch":"2.0.12ds1-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.11-3.1","repositories":{"jessie":"2.0.12ds1-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.11-3.1","repositories":{"sid":"2.12.2~ds1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-0665":{"debianbug":463907,"scope":"local","description":"wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.","releases":{"buster":{"fixed_version":"2.0.11-3.1","repositories":{"buster":"2.12.2~ds1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.11-3.1","repositories":{"stretch":"2.0.12ds1-10"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.11-3.1","repositories":{"jessie":"2.0.12ds1-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.11-3.1","repositories":{"sid":"2.12.2~ds1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12852":{"debianbug":872407,"scope":"remote","description":"The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.","releases":{"buster":{"repositories":{"buster":"1:1.16.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:1.12.1-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:1.8.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:1.16.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-1858":{"debianbug":737778,"scope":"local","description":"__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"buster":"1:1.16.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"stretch":"1:1.12.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"jessie":"1:1.8.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"sid":"1:1.16.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1859":{"debianbug":737778,"scope":"local","description":"(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"buster":"1:1.16.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"stretch":"1:1.12.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"jessie":"1:1.8.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.8.1~rc1-1","repositories":{"sid":"1:1.16.2-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0581058-CF1E8D":{"debianbug":581058,"releases":{"buster":{"fixed_version":"1:1.4.1-5","repositories":{"buster":"1:1.16.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.4.1-5","repositories":{"stretch":"1:1.12.1-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.4.1-5","repositories":{"jessie":"1:1.8.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.4.1-5","repositories":{"sid":"1:1.16.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-6446":{"scope":"remote","description":"** DISPUTED **   An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is  a behavior that might have legitimate applications in (for example)  loading serialized Python object arrays from trusted and authenticated  sources.","releases":{"buster":{"fixed_version":"1:1.10.4-1","repositories":{"buster":"1:1.16.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.4-1","repositories":{"stretch":"1:1.12.1-3"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:1.8.2-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:1.10.4-1","repositories":{"sid":"1:1.16.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14371":{"scope":"remote","description":"The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.8-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2.8-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.8-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.8-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2672":{"debianbug":677194,"scope":"local","description":"Oracle Mojarra 2.1.7 does not properly \"clean up\" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.2.8-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch":"2.2.8-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.2.8-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.2.8-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-5855":{"debianbug":740586,"scope":"remote","description":"Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"2.2.8-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch":"2.2.8-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"2.2.8-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"2.2.8-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2087":{"debianbug":611130,"scope":"remote","description":"Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.","releases":{"buster":{"repositories":{"buster":"2.2.8-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.2.8-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.2.8-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.2.8-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-4367":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.8-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2.8-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.8-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.8-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4358":{"debianbug":650430,"scope":"remote","description":"Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF.","releases":{"buster":{"fixed_version":"2.0.3-2","repositories":{"buster":"2.2.8-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.3-2","repositories":{"stretch":"2.2.8-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.3-2","repositories":{"jessie":"2.2.8-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.3-2","repositories":{"sid":"2.2.8-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4007":{"scope":"remote","description":"Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.8-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2.8-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.8-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.8-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-3848":{"debianbug":892458,"scope":"remote","description":"In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.","releases":{"buster":{"fixed_version":"3.430-1","repositories":{"buster":"3.450-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.410-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.370-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.430-1","repositories":{"sid":"3.450-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-3849":{"debianbug":892458,"scope":"remote","description":"In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.","releases":{"buster":{"fixed_version":"3.430-1","repositories":{"buster":"3.450-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.410-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.370-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.430-1","repositories":{"sid":"3.450-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-3846":{"debianbug":892458,"scope":"remote","description":"In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.","releases":{"buster":{"fixed_version":"3.430-1","repositories":{"buster":"3.450-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.410-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.370-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.430-1","repositories":{"sid":"3.450-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-3847":{"debianbug":892458,"scope":"remote","description":"Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.","releases":{"buster":{"fixed_version":"3.430-1","repositories":{"buster":"3.450-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.410-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.370-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.430-1","repositories":{"sid":"3.450-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-5180":{"debianbug":839151,"scope":"remote","description":"Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.","releases":{"buster":{"fixed_version":"1.12.0-1","repositories":{"buster":"1.14.0-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.12.0-1","repositories":{"stretch":"1.12.0-1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.10.0-2+deb8u1","repositories":{"jessie":"1.10.0-2+deb8u2","jessie-security":"1.10.0-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.12.0-1","repositories":{"sid":"1.14.0-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-1000381":{"debianbug":865360,"scope":"remote","description":"The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.","releases":{"buster":{"fixed_version":"1.12.0-4","repositories":{"buster":"1.14.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.0-1+deb9u1","repositories":{"stretch":"1.12.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.10.0-2+deb8u2","repositories":{"jessie":"1.10.0-2+deb8u2","jessie-security":"1.10.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.12.0-4","repositories":{"sid":"1.14.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8836":{"debianbug":779047,"scope":"remote","description":"Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"20070708-3.2","repositories":{"buster":"20070708-3.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20070708-3.2","repositories":{"stretch":"20070708-3.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20070708-3.2","repositories":{"sid":"20070708-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8837":{"debianbug":779047,"scope":"remote","description":"Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.","releases":{"buster":{"fixed_version":"20070708-3.2","repositories":{"buster":"20070708-3.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20070708-3.2","repositories":{"stretch":"20070708-3.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20070708-3.2","repositories":{"sid":"20070708-3.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6110":{"debianbug":686650,"scope":"local","description":"bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.","releases":{"buster":{"fixed_version":"0.09-13","repositories":{"buster":"0.11-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.09-13","repositories":{"jessie":"0.10-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.09-13","repositories":{"sid":"0.11-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1174":{"debianbug":664364,"scope":"local","description":"The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to \"particular records related with user session.\"","releases":{"buster":{"fixed_version":"44-1","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"44-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"44-1","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"44-1","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4394":{"debianbug":725357,"scope":"local","description":"The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving \"special and control characters.\"","releases":{"buster":{"fixed_version":"204-5","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"204-5","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"204-5","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"204-5","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3842":{"scope":"local","description":"In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".","releases":{"buster":{"fixed_version":"241-3","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u11","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u12","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"241-3","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4392":{"debianbug":725357,"scope":"local","description":"systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.","releases":{"buster":{"repositories":{"buster":"241-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"241-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-6454":{"scope":"local","description":"An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).","releases":{"buster":{"fixed_version":"240-6","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u9","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u10","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"240-6","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4393":{"debianbug":725357,"scope":"local","description":"journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.","releases":{"buster":{"fixed_version":"204-5","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"204-5","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"204-5","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"204-5","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4391":{"debianbug":725357,"scope":"remote","description":"Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"204-5","repositories":{"buster":"241-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"204-5","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"204-5","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"204-5","repositories":{"sid":"241-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-3844":{"debianbug":928102,"scope":"local","description":"It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.","releases":{"buster":{"nodsa":"Minor issue; exploit vector needs control both of the service and a helper outside","repositories":{"buster":"241-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue; exploit vector needs control both of the service and a helper outside","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"241-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-3843":{"debianbug":928102,"scope":"local","description":"It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.","releases":{"buster":{"nodsa":"Minor issue; exploit vector needs control both of the service and a helper outside","repositories":{"buster":"241-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue; exploit vector needs control both of the service and a helper outside","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"241-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-9445":{"debianbug":866147,"scope":"remote","description":"In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.","releases":{"buster":{"fixed_version":"233-10","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"233-10","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16888":{"scope":"local","description":"It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.","releases":{"buster":{"fixed_version":"237-1","repositories":{"buster":"241-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"low priority because this is inherently a bug in the PID file logic, too intrusive to backport","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"237-1","repositories":{"sid":"241-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15908":{"debianbug":880026,"scope":"remote","description":"In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.","releases":{"buster":{"fixed_version":"235-3","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u2","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"235-3","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16866":{"scope":"local","description":"An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.","releases":{"buster":{"fixed_version":"240-1","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u7","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"240-1","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-20839":{"debianbug":929116,"scope":"local","description":"systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.","releases":{"buster":{"repositories":{"buster":"241-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"241-4","repositories":{"sid":"241-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-16864":{"debianbug":918841,"scope":"local","description":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.","releases":{"buster":{"fixed_version":"240-4","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u7","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u9","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"240-4","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16865":{"debianbug":918848,"scope":"local","description":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.","releases":{"buster":{"fixed_version":"240-4","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u7","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u9","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"240-4","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7510":{"scope":"remote","description":"Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.","releases":{"buster":{"fixed_version":"229-1","repositories":{"buster":"241-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"229-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"229-1","repositories":{"sid":"241-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8842":{"debianbug":825059,"scope":"local","description":"tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.","releases":{"buster":{"fixed_version":"215-1","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"215-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"215-1","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"215-1","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-6954":{"debianbug":890779,"scope":"local","description":"systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.","releases":{"buster":{"fixed_version":"238-1","repositories":{"buster":"241-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, revisit if/when fixed upstream","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"238-1","repositories":{"sid":"241-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-18078":{"scope":"local","description":"systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.","releases":{"buster":{"fixed_version":"237-1","repositories":{"buster":"241-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"215-17+deb8u12","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"237-1","repositories":{"sid":"241-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1101":{"debianbug":662029,"releases":{"buster":{"fixed_version":"43-1","repositories":{"buster":"241-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"43-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"43-1","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"43-1","repositories":{"sid":"241-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7796":{"debianbug":839607,"scope":"local","description":"The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.","releases":{"buster":{"fixed_version":"231-9","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"231-9","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u6","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"231-9","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10156":{"scope":"local","description":"A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.","releases":{"buster":{"fixed_version":"229-1","repositories":{"buster":"241-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"229-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"229-1","repositories":{"sid":"241-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7795":{"debianbug":839171,"scope":"local","description":"The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.","releases":{"buster":{"fixed_version":"231-9","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"231-9","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"231-9","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000082":{"scope":"remote","description":"systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.","releases":{"buster":{"fixed_version":"234-1","repositories":{"buster":"241-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"234-1","repositories":{"sid":"241-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4327":{"debianbug":723713,"scope":"local","description":"systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.","releases":{"buster":{"fixed_version":"204-5","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"204-5","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"204-5","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"204-5","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9217":{"debianbug":863277,"scope":"remote","description":"systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.","releases":{"buster":{"fixed_version":"232-24","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-24","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"232-24","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9619":{"releases":{"buster":{"nodsa":"Too intrusive change for a stable release","repositories":{"buster":"241-3"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Too intrusive change for a stable release","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Too intrusive change for a stable release","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"241-4"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2014-9770":{"scope":"local","description":"tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.","releases":{"buster":{"fixed_version":"215-1","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"215-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"215-1","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"215-1","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-3815":{"scope":"local","description":"A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"241-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u8","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u11","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"241-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-15688":{"debianbug":912008,"scope":"remote","description":"A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.","releases":{"buster":{"fixed_version":"239-11","repositories":{"buster":"241-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u6","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u8","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"239-11","repositories":{"sid":"241-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-15687":{"debianbug":912007,"scope":"local","description":"A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.","releases":{"buster":{"fixed_version":"239-11","repositories":{"buster":"241-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"239-11","repositories":{"sid":"241-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0871":{"scope":"local","description":"The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.","releases":{"buster":{"fixed_version":"43-1","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"43-1","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"43-1","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"43-1","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1049":{"scope":"remote","description":"In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.","releases":{"buster":{"fixed_version":"234-1","repositories":{"buster":"241-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u10","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u8","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"234-1","repositories":{"sid":"241-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15686":{"debianbug":912005,"scope":"remote","description":"A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.","releases":{"buster":{"fixed_version":"239-12","repositories":{"buster":"241-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"232-25+deb9u10","repositories":{"stretch-security":"232-25+deb9u11","stretch":"232-25+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"215-17+deb8u8","repositories":{"jessie":"215-17+deb8u7","jessie-security":"215-17+deb8u13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"239-12","repositories":{"sid":"241-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7810":{"releases":{"buster":{"fixed_version":"1:0.9.1-1","repositories":{"buster":"1:1.1.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.9.1-1","repositories":{"stretch":"1:0.9.3-3"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"1:0.6.2-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:0.9.1-1","repositories":{"sid":"1:1.1.0-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-CDF09E":{"releases":{"buster":{"fixed_version":"0.7.0-1","repositories":{"buster":"1:1.1.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.7.0-1","repositories":{"stretch":"1:0.9.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.7.0-1","repositories":{"jessie":"1:0.6.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.7.0-1","repositories":{"sid":"1:1.1.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12445":{"debianbug":871495,"scope":"remote","description":"The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.","releases":{"buster":{"repositories":{"buster":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-12443":{"debianbug":871495,"scope":"remote","description":"The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.","releases":{"buster":{"repositories":{"buster":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-12444":{"debianbug":871495,"scope":"remote","description":"The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.","releases":{"buster":{"repositories":{"buster":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-12441":{"debianbug":871495,"scope":"remote","description":"The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.","releases":{"buster":{"repositories":{"buster":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-12442":{"debianbug":871495,"scope":"remote","description":"The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.","releases":{"buster":{"repositories":{"buster":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.8.svn.2010.05.06+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.8.svn.2010.05.06+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10081":{"debianbug":849777,"scope":"remote","description":"/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a \"Run a plugin\" action.","releases":{"stretch":{"fixed_version":"0.93.1-1.3","repositories":{"stretch":"0.93.1-1.3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.92-0.1+deb8u2","repositories":{"jessie":"0.92-0.1+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0854":{"debianbug":798862,"scope":"remote","description":"App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a \"Show in Folder\" action.","releases":{"stretch":{"fixed_version":"0.93.1-1","repositories":{"stretch":"0.93.1-1.3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.92-0.1+deb8u1","repositories":{"jessie":"0.92-0.1+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-2413":{"debianbug":368159,"scope":"remote","description":"GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors.","releases":{"buster":{"fixed_version":"0.7.0e-1","repositories":{"buster":"0.10.1-5.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.7.0e-1","repositories":{"stretch":"0.10.1-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.7.0e-1","repositories":{"jessie":"0.10.1-2.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.7.0e-1","repositories":{"sid":"0.10.1-5.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-3180":{"scope":"remote","description":"Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.","releases":{"jessie":{"fixed_version":"0.1.9-1+deb8u3","repositories":{"jessie":"0.1.9-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.2.4-1","repositories":{"sid":"0.3.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1894":{"debianbug":537351,"scope":"local","description":"Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.","releases":{"buster":{"fixed_version":"0.9.15-4.1","repositories":{"buster":"12.2-4"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"0.9.15-4.1","repositories":{"stretch":"10.0-1+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"0.9.15-4.1","repositories":{"jessie":"5.0-13"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"0.9.15-4.1","repositories":{"sid":"12.2-4"},"urgency":"high","status":"resolved"}}}}
{"CVE-2008-0008":{"scope":"local","description":"The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.","releases":{"buster":{"fixed_version":"0.9.9-1","repositories":{"buster":"12.2-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.9-1","repositories":{"stretch":"10.0-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.9-1","repositories":{"jessie":"5.0-13"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.9-1","repositories":{"sid":"12.2-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1299":{"debianbug":573615,"scope":"local","description":"The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.","releases":{"buster":{"fixed_version":"0.9.21-1.1","repositories":{"buster":"12.2-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.21-1.1","repositories":{"stretch":"10.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.21-1.1","repositories":{"jessie":"5.0-13"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.21-1.1","repositories":{"sid":"12.2-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3970":{"scope":"remote","description":"The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.","releases":{"buster":{"fixed_version":"5.0-3","repositories":{"buster":"12.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.0-3","repositories":{"stretch":"10.0-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.0-3","repositories":{"jessie":"5.0-13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.0-3","repositories":{"sid":"12.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1804":{"scope":"remote","description":"PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.","releases":{"buster":{"fixed_version":"0.9.6-1","repositories":{"buster":"12.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.6-1","repositories":{"stretch":"10.0-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.6-1","repositories":{"jessie":"5.0-13"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.6-1","repositories":{"sid":"12.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7370":{"debianbug":744374,"releases":{"buster":{"fixed_version":"3.0.0-1","repositories":{"buster":"3.6.7-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.0.0-1","repositories":{"stretch":"3.4.1-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.0.0-1","repositories":{"jessie":"3.3.0-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.0.0-1","repositories":{"sid":"3.6.7-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-3717":{"scope":"remote","description":"connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.","releases":{"buster":{"fixed_version":"3.0.0-1","repositories":{"buster":"3.6.7-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-1","repositories":{"stretch":"3.4.1-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.0.0-1","repositories":{"jessie":"3.3.0-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.0.0-1","repositories":{"sid":"3.6.7-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-7371":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.6.7-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.4.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.6.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1691":{"debianbug":737149,"scope":"remote","description":"The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.","releases":{"buster":{"fixed_version":"2.3.0-1","repositories":{"buster":"2.5.8-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.3.0-1","repositories":{"stretch":"2.5.8-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.3.0-1","repositories":{"jessie":"2.5.1-5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.3.0-1","repositories":{"sid":"2.5.8-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2132":{"debianbug":672880,"scope":"remote","description":"libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.","releases":{"buster":{"repositories":{"buster":"7.0-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.5.11-ds1-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"7.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"buster":{"repositories":{"buster":"7.0-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.5.11-ds1-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"7.0-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3900":{"debianbug":607497,"scope":"remote","description":"Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.","releases":{"buster":{"fixed_version":"0.2.7-1.1","repositories":{"buster":"7.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.2.7-1.1","repositories":{"stretch":"0.5.11-ds1-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.2.7-1.1","repositories":{"sid":"7.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4988":{"debianbug":496393,"scope":"local","description":"pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.","releases":{"buster":{"fixed_version":"4.1-19","repositories":{"buster":"4.1-19"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.1-19","repositories":{"stretch":"4.1-19"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.1-19","repositories":{"jessie":"4.1-19"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.1-19","repositories":{"sid":"4.1-19"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2230":{"debianbug":484311,"scope":"local","description":"Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.","releases":{"stretch":{"fixed_version":"0.2008.03.28","repositories":{"stretch":"2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.2008.03.28","repositories":{"jessie":"1.31"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-2064":{"scope":"remote","description":"Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.","releases":{"buster":{"fixed_version":"1.8.1-2+deb7u1","repositories":{"buster":"1.13.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.1-2+deb7u1","repositories":{"stretch":"1.12-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.1-2+deb7u1","repositories":{"jessie":"1.10-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.1-2+deb7u1","repositories":{"sid":"1.13.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0294":{"scope":"remote","description":"chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.","releases":{"buster":{"fixed_version":"1.23-7","repositories":{"buster":"3.4-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.23-7","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.23-7","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.23-7","repositories":{"sid":"3.4-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0292":{"scope":"remote","description":"The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.","releases":{"buster":{"fixed_version":"1.23-7","repositories":{"buster":"3.4-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.23-7","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.23-7","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.23-7","repositories":{"sid":"3.4-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-4503":{"debianbug":719203,"scope":"remote","description":"cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.","releases":{"buster":{"fixed_version":"1.29-1","repositories":{"buster":"3.4-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.29-1","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.29-1","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.29-1","repositories":{"sid":"3.4-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0293":{"scope":"remote","description":"The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.","releases":{"buster":{"fixed_version":"1.23-7","repositories":{"buster":"3.4-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.23-7","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.23-7","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.23-7","repositories":{"sid":"3.4-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-1567":{"debianbug":812923,"scope":"remote","description":"chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"3.4-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.30-2+deb8u2","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"3.4-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-4502":{"debianbug":719203,"scope":"remote","description":"Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow.  NOTE: versions 1.27 and 1.28 do not require authentication to exploit.","releases":{"buster":{"fixed_version":"1.29-1","repositories":{"buster":"3.4-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.29-1","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.29-1","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.29-1","repositories":{"sid":"3.4-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1821":{"debianbug":782160,"scope":"remote","description":"Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.","releases":{"buster":{"fixed_version":"1.30-2","repositories":{"buster":"3.4-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.30-2","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.30-2","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.30-2","repositories":{"sid":"3.4-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0021":{"debianbug":737644,"releases":{"buster":{"fixed_version":"1.29.1-1","repositories":{"buster":"3.4-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.29.1-1","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.29.1-1","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.29.1-1","repositories":{"sid":"3.4-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1822":{"debianbug":782160,"scope":"remote","description":"chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.","releases":{"buster":{"fixed_version":"1.30-2","repositories":{"buster":"3.4-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.30-2","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.30-2","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.30-2","repositories":{"sid":"3.4-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1853":{"debianbug":782160,"releases":{"buster":{"fixed_version":"1.30-2","repositories":{"buster":"3.4-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.30-2","repositories":{"stretch":"3.0-4+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.30-2","repositories":{"jessie":"1.30-2+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.30-2","repositories":{"sid":"3.4-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-4509":{"debianbug":729065,"scope":"local","description":"The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.","releases":{"buster":{"fixed_version":"1.12.1599.102-1","repositories":{"buster":"2.23.2815.102+dfsg-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.12.1599.102-1","repositories":{"stretch":"2.19.2623.102+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.12.1599.102-1","repositories":{"jessie":"1.15.1857.102-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.12.1599.102-1","repositories":{"sid":"2.23.2815.102+dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4970":{"debianbug":702895,"scope":"remote","description":"Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function.","releases":{"buster":{"fixed_version":"1.8.6-1","repositories":{"buster":"1.10.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.6-1","repositories":{"stretch":"1.9.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.6-1","repositories":{"jessie":"1.8.7-3.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.6-1","repositories":{"sid":"1.10.0-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-6B3154":{"releases":{"buster":{"fixed_version":"2004.11.04-3","repositories":{"buster":"20061220+dfsg3-4.4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2004.11.04-3","repositories":{"stretch":"20061220+dfsg3-4.3+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2004.11.04-3","repositories":{"jessie":"20061220+dfsg3-4.1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2004.11.04-3","repositories":{"sid":"20061220+dfsg3-4.4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-11654":{"debianbug":869803,"scope":"remote","description":"An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.","releases":{"buster":{"repositories":{"buster":"0.2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.2-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-11655":{"debianbug":869803,"scope":"remote","description":"A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.","releases":{"buster":{"repositories":{"buster":"0.2-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.2-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-0878":{"debianbug":661061,"scope":"remote","description":"Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.","releases":{"buster":{"fixed_version":"1.7.5-2","repositories":{"buster":"2.0.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.5-2","repositories":{"stretch":"1.7.5-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.5-2","repositories":{"jessie":"1.7.5-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.5-2","repositories":{"sid":"2.0.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-10140":{"debianbug":872436,"scope":"local","description":"Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.","releases":{"jessie":{"fixed_version":"5.1.29-9+deb8u1","repositories":{"jessie":"5.1.29-9+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2220":{"debianbug":714362,"scope":"remote","description":"Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.","releases":{"buster":{"fixed_version":"1.2.5-2.4","repositories":{"buster":"1.4.0~b1-9"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-2.4","repositories":{"stretch":"1.4.0~b1-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-2.4","repositories":{"jessie":"1.2.5-2.4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.5-2.4","repositories":{"sid":"1.4.0~b1-9"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-7629":{"debianbug":924348,"scope":"remote","description":"Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.","releases":{"buster":{"fixed_version":"2.01.5-2","repositories":{"buster":"2.01.5-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.01.1-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.01.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.01.5-2","repositories":{"sid":"2.01.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-0673":{"debianbug":465643,"scope":"remote","description":"TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.","releases":{"buster":{"fixed_version":"1.97.9-2","repositories":{"buster":"2.01.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.97.9-2","repositories":{"stretch":"2.01.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.97.9-2","repositories":{"jessie":"2.01.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.97.9-2","repositories":{"sid":"2.01.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-0671":{"debianbug":465643,"scope":"remote","description":"Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.","releases":{"buster":{"fixed_version":"1.97.9-2","repositories":{"buster":"2.01.5-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.97.9-2","repositories":{"stretch":"2.01.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.97.9-2","repositories":{"jessie":"2.01.0-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.97.9-2","repositories":{"sid":"2.01.5-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0672":{"debianbug":465643,"scope":"remote","description":"The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.","releases":{"buster":{"fixed_version":"1.97.9-2","repositories":{"buster":"2.01.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.97.9-2","repositories":{"stretch":"2.01.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.97.9-2","repositories":{"jessie":"2.01.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.97.9-2","repositories":{"sid":"2.01.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0001":{"debianbug":566002,"scope":"remote","description":"Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.","releases":{"buster":{"fixed_version":"4.2.4.3-1","repositories":{"buster":"4.2.4.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.4.3-1","repositories":{"stretch":"4.2.4.4-16"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.4.3-1","repositories":{"jessie":"4.2.4.4-9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.4.3-1","repositories":{"sid":"4.2.4.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2991":{"scope":"local","description":"ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.2.4.5-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.2.4.4-16"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.2.4.4-9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.2.4.5-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1168":{"scope":"remote","description":"The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.","releases":{"buster":{"fixed_version":"4.2.4-16","repositories":{"buster":"4.2.4.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-16","repositories":{"stretch":"4.2.4.4-16"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-16","repositories":{"jessie":"4.2.4.4-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.4-16","repositories":{"sid":"4.2.4.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2001-1413":{"scope":"remote","description":"Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.","releases":{"buster":{"fixed_version":"4.2.4-15","repositories":{"buster":"4.2.4.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-15","repositories":{"stretch":"4.2.4.4-16"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-15","repositories":{"jessie":"4.2.4.4-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.4-15","repositories":{"sid":"4.2.4.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10518":{"scope":"remote","description":"A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.","releases":{"buster":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"buster":"1.1.0+ds1.e6ddaae4-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"stretch":"1.1.0+ds1.e6ddaae4-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"0.4.32-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"sid":"1.1.0+ds1.e6ddaae4-5"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-BBB7D8":{"releases":{"buster":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"buster":"1.1.0+ds1.e6ddaae4-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"stretch":"1.1.0+ds1.e6ddaae4-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"0.4.32-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.0.1+ds1.e6ddaae4-1","repositories":{"sid":"1.1.0+ds1.e6ddaae4-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10542":{"debianbug":927671,"scope":"remote","description":"ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.","releases":{"buster":{"fixed_version":"1.1.0+ds1.e6ddaae4-5","repositories":{"buster":"1.1.0+ds1.e6ddaae4-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Nodejs in stretch not covered by security support","repositories":{"stretch":"1.1.0+ds1.e6ddaae4-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Nodejs in jessie not covered by security support","repositories":{"jessie":"0.4.32-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.1.0+ds1.e6ddaae4-5","repositories":{"sid":"1.1.0+ds1.e6ddaae4-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1100":{"scope":"remote","description":"Integer overflow in Arora allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"jessie":{"repositories":{"jessie":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-3367":{"scope":"remote","description":"Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.","releases":{"jessie":{"repositories":{"jessie":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.11.0+qt5+git2014-04-06-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-17532":{"scope":"remote","description":"examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"1.9.22-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.9.22-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.9.22-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.9.22-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-6296":{"debianbug":832959,"scope":"remote","description":"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.","releases":{"buster":{"fixed_version":"0.54.2-1.2","repositories":{"buster":"0.54.2-1.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.54.2-1.2","repositories":{"stretch":"0.54.2-1.2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Can be fixed via point release, nothing depending on it in stable","repositories":{"jessie":"0.54.2-1.1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.54.2-1.2","repositories":{"sid":"0.54.2-1.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10114":{"debianbug":870860,"scope":"remote","description":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"buster":{"fixed_version":"8u141-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8u141-b14-3~deb9u1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u141-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-10086":{"debianbug":870860,"scope":"remote","description":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"buster":{"fixed_version":"8u141-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8u141-b14-3~deb9u1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u141-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-2581":{"debianbug":888530,"scope":"remote","description":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).","releases":{"buster":{"fixed_version":"8u161-b12-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Specific details withheld by Oracle, impossible to fix","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"8u161-b12-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4901":{"debianbug":823622,"scope":"remote","description":"Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.","releases":{"buster":{"fixed_version":"8u91-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8u91-b14-1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8u91-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4916":{"debianbug":823622,"scope":"remote","description":"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908.","releases":{"buster":{"fixed_version":"8u91-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8u91-b14-1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u91-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4906":{"debianbug":823622,"scope":"remote","description":"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916.","releases":{"buster":{"fixed_version":"8u91-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8u91-b14-1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u91-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3498":{"debianbug":832419,"scope":"remote","description":"Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.","releases":{"buster":{"fixed_version":"8u102-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8u102-b14-1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u102-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3209":{"scope":"remote","description":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"buster":{"fixed_version":"11+26-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Specific details withheld by Oracle, impossible to fix","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"11+26-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2941":{"debianbug":905215,"scope":"remote","description":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"buster":{"fixed_version":"11+26-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Specific details withheld by Oracle, impossible to fix","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"11+26-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4908":{"debianbug":823622,"scope":"remote","description":"Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916.","releases":{"buster":{"fixed_version":"8u91-b14-1","repositories":{"buster":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8u91-b14-1","repositories":{"stretch-security":"8u141-b14-3~deb9u1","stretch":"8u111-b14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8u91-b14-1","repositories":{"sid":"11.0.2+1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3495":{"debianbug":751902,"releases":{"buster":{"fixed_version":"0.6.21-1","repositories":{"buster":"0.7.18.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.21-1","repositories":{"stretch":"0.7.11-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.21-1","repositories":{"jessie":"0.6.24-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.21-1","repositories":{"sid":"0.7.18.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5201":{"debianbug":442840,"scope":"local","description":"The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.","releases":{"buster":{"fixed_version":"0.4.3-2","repositories":{"buster":"0.7.18.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4.3-2","repositories":{"stretch":"0.7.11-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.3-2","repositories":{"jessie":"0.6.24-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4.3-2","repositories":{"sid":"0.7.18.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1440":{"debianbug":525078,"scope":"remote","description":"Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.","releases":{"buster":{"fixed_version":"2.2.5-1.1","repositories":{"buster":"1:2.3.2-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.5-1.1","repositories":{"stretch":"1:2.3.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.5-1.1","repositories":{"sid":"1:2.3.2-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-2692":{"scope":"remote","description":"Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.","releases":{"buster":{"fixed_version":"2.1.2-1","repositories":{"buster":"1:2.3.2-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1.2-1","repositories":{"stretch":"1:2.3.2-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1.2-1","repositories":{"sid":"1:2.3.2-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2691":{"scope":"remote","description":"Unspecified \"information leakage\" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.","releases":{"buster":{"fixed_version":"2.1.2-1","repositories":{"buster":"1:2.3.2-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1.2-1","repositories":{"stretch":"1:2.3.2-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1.2-1","repositories":{"sid":"1:2.3.2-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2486":{"scope":"remote","description":"Unspecified vulnerability in eMule Plus before 1.2d has unknown impact and attack vectors related to \"staticservers.dat processing.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.3.2-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.3.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.3.2-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4128":{"debianbug":555195,"scope":"local","description":"GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.97-75"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.97-72"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.97-70"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.97-75"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3896":{"scope":"local","description":"Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.","releases":{"buster":{"repositories":{"buster":"0.97-75"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.97-72"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.97-70"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.97-75"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-12678":{"debianbug":871511,"scope":"remote","description":"In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"18.2.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"16.5.3-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"18.2.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0876540-D98160":{"debianbug":876540,"releases":{"buster":{"fixed_version":"1.2.5-2","repositories":{"buster":"2.1.1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.1.4-2","repositories":{"stretch":"1.1.4-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.2.5-2","repositories":{"sid":"2.1.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-0440":{"scope":"remote","description":"ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.","releases":{"buster":{"fixed_version":"2.5.7+r1558-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.7+r1558-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.7+r1558-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.7+r1558-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0600":{"scope":"remote","description":"elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0347":{"debianbug":349528,"scope":"remote","description":"Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via \"../\" (dot dot) sequences in the URL.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-0348":{"debianbug":349528,"scope":"remote","description":"Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-6318":{"scope":"remote","description":"The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with \"global,\" which results in a NULL pointer dereference.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.6.2+r1754-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.2+r1754-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.2+r1754-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.2+r1754-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0597":{"scope":"remote","description":"Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long \"revision attributes\".","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0598":{"scope":"remote","description":"Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6342":{"debianbug":836505,"scope":"remote","description":"elog 3.1.1 allows remote attackers to post data as any username in the logbook.","releases":{"buster":{"fixed_version":"3.1.2-1-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.2-1-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.9.2+2014.05.11git44800a7-2+deb8u1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.2-1-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0599":{"scope":"remote","description":"The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0439":{"scope":"remote","description":"Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.","releases":{"buster":{"fixed_version":"2.5.7+r1558-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.7+r1558-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.7+r1558-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.7+r1558-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0349528-9E59D3":{"debianbug":349528,"releases":{"buster":{"fixed_version":"2.5.7+r1558-3","repositories":{"buster":"3.1.3-1-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2.5.7+r1558-3","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2.5.7+r1558-3","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2.5.7+r1558-3","repositories":{"sid":"3.1.3-1-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2008-0444":{"debianbug":463600,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.","releases":{"buster":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5791":{"debianbug":392016,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.","releases":{"buster":{"fixed_version":"2.6.2+r1754-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.2+r1754-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.2+r1754-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.2+r1754-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0445":{"debianbug":463600,"scope":"remote","description":"The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.9.2+2014.05.11git44800a7-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5790":{"debianbug":392016,"scope":"remote","description":"Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.","releases":{"buster":{"fixed_version":"2.6.2+r1754-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.6.2+r1754-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.6.2+r1754-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.6.2+r1754-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-5063":{"debianbug":389361,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.","releases":{"buster":{"fixed_version":"2.6.2+r1719-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.6.2+r1719-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.6.2+r1719-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.6.2+r1719-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4439":{"debianbug":349528,"scope":"remote","description":"Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.","releases":{"buster":{"fixed_version":"2.6.1+r1642-1","repositories":{"buster":"3.1.3-1-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2.6.1+r1642-1","repositories":{"stretch":"3.1.2-1-1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2.6.1+r1642-1","repositories":{"jessie":"2.9.2+2014.05.11git44800a7-2+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2.6.1+r1642-1","repositories":{"sid":"3.1.3-1-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2009-2688":{"debianbug":540470,"scope":"remote","description":"Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.","releases":{"buster":{"fixed_version":"21.4.22-3","repositories":{"buster":"21.4.24-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"21.4.22-3","repositories":{"stretch":"21.4.24-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"21.4.22-3","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"21.4.22-3","repositories":{"sid":"21.4.24-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6109":{"debianbug":455432,"scope":"remote","description":"Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain \"emacs -batch -eval\" command line.","releases":{"buster":{"fixed_version":"21.4.21-4","repositories":{"buster":"21.4.24-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"21.4.21-4","repositories":{"stretch":"21.4.24-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"21.4.21-4","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"21.4.21-4","repositories":{"sid":"21.4.24-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0825":{"debianbug":590301,"scope":"local","description":"lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.","releases":{"buster":{"fixed_version":"21.4.22-3.1","repositories":{"buster":"21.4.24-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"21.4.22-3.1","repositories":{"stretch":"21.4.24-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"21.4.22-3.1","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"21.4.22-3.1","repositories":{"sid":"21.4.24-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0100":{"scope":"remote","description":"Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.","releases":{"buster":{"fixed_version":"21.4.16-2","repositories":{"buster":"21.4.24-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"21.4.16-2","repositories":{"stretch":"21.4.24-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"21.4.16-2","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"21.4.16-2","repositories":{"sid":"21.4.24-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1694":{"debianbug":476611,"scope":"local","description":"vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"21.4.21-4","repositories":{"buster":"21.4.24-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"21.4.21-4","repositories":{"stretch":"21.4.24-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"21.4.21-4","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"21.4.21-4","repositories":{"sid":"21.4.24-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3949":{"debianbug":499568,"scope":"local","description":"emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"21.4.24-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"21.4.24-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"21.4.22-14~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"21.4.24-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2383":{"debianbug":555217,"scope":"remote","description":"The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","releases":{"buster":{"fixed_version":"1.48-3","repositories":{"buster":"1.48-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.48-3","repositories":{"stretch":"1.48-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.48-3","repositories":{"jessie":"1.48-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.48-3","repositories":{"sid":"1.48-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-7220":{"debianbug":555217,"scope":"remote","description":"Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make \"cross-site ajax requests\" via unknown vectors.","releases":{"buster":{"fixed_version":"1.48-3","repositories":{"buster":"1.48-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.48-3","repositories":{"stretch":"1.48-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.48-3","repositories":{"jessie":"1.48-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.48-3","repositories":{"sid":"1.48-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5354":{"scope":"remote","description":"Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0059":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1719":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5339":{"debianbug":447734,"scope":"remote","description":"Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.","releases":{"jessie":{"fixed_version":"2.0.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0053":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1562":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0054":{"scope":"remote","description":"Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an \"upvarMap\" issue.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0051":{"scope":"remote","description":"Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1564":{"scope":"remote","description":"Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1303":{"debianbug":535124,"scope":"remote","description":"The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1563":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0057":{"scope":"remote","description":"Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0058":{"scope":"remote","description":"Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1565":{"scope":"remote","description":"The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0055":{"scope":"remote","description":"Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1568":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1307":{"debianbug":535124,"scope":"remote","description":"The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0056":{"scope":"remote","description":"Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an \"atom map\" issue.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1567":{"scope":"remote","description":"Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0750":{"scope":"remote","description":"Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2752":{"scope":"remote","description":"Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0751":{"scope":"remote","description":"Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0752":{"scope":"remote","description":"Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0753":{"scope":"remote","description":"Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1720":{"scope":"remote","description":"The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1302":{"debianbug":535124,"scope":"remote","description":"The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1560":{"scope":"remote","description":"Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0758":{"scope":"remote","description":"Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1727":{"scope":"remote","description":"Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0759":{"scope":"remote","description":"Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1726":{"scope":"local","description":"Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1729":{"scope":"remote","description":"The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1728":{"scope":"remote","description":"The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0754":{"scope":"remote","description":"Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1723":{"scope":"remote","description":"The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0755":{"scope":"remote","description":"Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1722":{"scope":"remote","description":"Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0756":{"scope":"remote","description":"Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1725":{"scope":"remote","description":"Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2754":{"scope":"remote","description":"dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0757":{"scope":"remote","description":"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1724":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2753":{"scope":"remote","description":"Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1559":{"scope":"remote","description":"Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1558":{"scope":"remote","description":"Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2364":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1551":{"scope":"remote","description":"Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2408":{"debianbug":539934,"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.","releases":{"jessie":{"fixed_version":"2.0.0.24-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-2363":{"scope":"remote","description":"Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0065":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.","releases":{"jessie":{"fixed_version":"3.1.15-1+b1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1550":{"scope":"remote","description":"Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1553":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2362":{"scope":"remote","description":"Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1552":{"scope":"remote","description":"Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5257":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"1:45.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1555":{"scope":"remote","description":"Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5052":{"scope":"remote","description":"The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1554":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2404":{"debianbug":539934,"scope":"remote","description":"Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.","releases":{"jessie":{"fixed_version":"2.0.0.24-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0069":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1557":{"scope":"remote","description":"The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0066":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.","releases":{"jessie":{"fixed_version":"3.1.15-1+b1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1556":{"scope":"remote","description":"Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2365":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1730":{"scope":"remote","description":"Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0761":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0762":{"scope":"remote","description":"Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1732":{"scope":"remote","description":"Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0763":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1731":{"scope":"remote","description":"Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0764":{"scope":"remote","description":"The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0760":{"scope":"remote","description":"Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1738":{"scope":"remote","description":"Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0769":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1737":{"scope":"remote","description":"Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the \"this\" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0765":{"scope":"remote","description":"Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0766":{"scope":"remote","description":"Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1736":{"scope":"remote","description":"The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0767":{"scope":"remote","description":"The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1735":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0768":{"scope":"remote","description":"Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1547":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1549":{"scope":"remote","description":"The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.","releases":{"jessie":{"fixed_version":"31.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1540":{"scope":"remote","description":"Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4070":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to \"canceling [a] newsgroup message\" and \"cancelled newsgroup messages.\"","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1542":{"scope":"remote","description":"Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1541":{"scope":"remote","description":"Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1544":{"scope":"remote","description":"Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1543":{"scope":"remote","description":"Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1545":{"scope":"remote","description":"Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0352":{"debianbug":535124,"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0353":{"debianbug":535124,"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1707":{"scope":"local","description":"Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1706":{"scope":"local","description":"Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1701":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1205":{"debianbug":587670,"scope":"remote","description":"Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1702":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1537":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4066":{"scope":"remote","description":"Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a \"jav&#56325ascript\" sequence, aka \"HTML escaped low surrogates bug.\"","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4067":{"scope":"remote","description":"Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1536":{"scope":"remote","description":"The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1539":{"scope":"remote","description":"Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4068":{"scope":"remote","description":"Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass \"restrictions imposed on local HTML files,\" and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4179":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1538":{"scope":"remote","description":"Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1709":{"scope":"remote","description":"Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4060":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1531":{"scope":"remote","description":"Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4061":{"scope":"remote","description":"Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1530":{"scope":"remote","description":"The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4062":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1533":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3670":{"scope":"remote","description":"Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.","releases":{"jessie":{"fixed_version":"7.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1532":{"scope":"remote","description":"Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4065":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka \"Stripped BOM characters bug.\"","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1534":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.0~b1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2763":{"scope":"remote","description":"The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1710":{"scope":"remote","description":"The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1571":{"scope":"remote","description":"Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2760":{"scope":"remote","description":"Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-5340":{"scope":"remote","description":"Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.","releases":{"jessie":{"fixed_version":"2.0.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9495":{"debianbug":773823,"scope":"remote","description":"Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0747":{"scope":"remote","description":"The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0748":{"scope":"remote","description":"The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2769":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0749":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1718":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1717":{"scope":"remote","description":"Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2768":{"scope":"remote","description":"Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1712":{"scope":"local","description":"Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2767":{"scope":"remote","description":"The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a \"dangling pointer vulnerability.\"","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2766":{"scope":"remote","description":"The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0744":{"scope":"remote","description":"Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2765":{"scope":"remote","description":"Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1714":{"scope":"remote","description":"The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0745":{"scope":"remote","description":"The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1713":{"scope":"remote","description":"Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2764":{"scope":"remote","description":"Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0746":{"scope":"remote","description":"Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.","releases":{"jessie":{"fixed_version":"10.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4488":{"scope":"remote","description":"Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4188":{"scope":"remote","description":"Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4489":{"scope":"remote","description":"The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1187":{"debianbug":617418,"scope":"remote","description":"Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an \"error message leak.\"","releases":{"jessie":{"fixed_version":"17.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1485":{"scope":"remote","description":"The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1484":{"scope":"remote","description":"Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1487":{"scope":"remote","description":"The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1486":{"scope":"remote","description":"Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1489":{"scope":"remote","description":"Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1488":{"scope":"remote","description":"The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3000":{"scope":"remote","description":"Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.","releases":{"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0417":{"scope":"remote","description":"CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0418":{"scope":"remote","description":"Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using \"flat\" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0415":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\"","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0416":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox  before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) \"zero-length non-ASCII sequences\" in certain Asian character sets.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0413":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1481":{"scope":"remote","description":"Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1480":{"scope":"remote","description":"The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0414":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka \"focus spoofing.\"","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1483":{"scope":"remote","description":"Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0412":{"scope":"remote","description":"The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1482":{"scope":"remote","description":"RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4181":{"scope":"remote","description":"Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4180":{"scope":"remote","description":"Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4183":{"scope":"remote","description":"Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4182":{"scope":"remote","description":"Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4185":{"scope":"remote","description":"Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0654":{"debianbug":570743,"scope":"remote","description":"Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4000":{"scope":"remote","description":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4184":{"scope":"remote","description":"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0419":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4187":{"scope":"remote","description":"Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4186":{"scope":"remote","description":"Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4487":{"scope":"remote","description":"The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\"","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1595":{"scope":"local","description":"Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4629":{"scope":"remote","description":"Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1594":{"scope":"remote","description":"Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1478":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1477":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1479":{"scope":"remote","description":"The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1591":{"scope":"remote","description":"Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1590":{"scope":"remote","description":"The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1593":{"scope":"remote","description":"Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1592":{"scope":"remote","description":"Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4192":{"scope":"remote","description":"Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4194":{"scope":"remote","description":"Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.","releases":{"jessie":{"fixed_version":"10.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1282":{"scope":"remote","description":"Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-4193":{"scope":"remote","description":"Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4473":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4196":{"scope":"remote","description":"Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.","releases":{"jessie":{"fixed_version":"10.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4474":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4195":{"scope":"remote","description":"The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1584":{"scope":"remote","description":"The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0075":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2374":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1586":{"scope":"remote","description":"content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2373":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2372":{"scope":"remote","description":"Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.","releases":{"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-1585":{"scope":"remote","description":"The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0074":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1588":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1587":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2378":{"scope":"remote","description":"The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a \"dangling pointer.\"","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2377":{"scope":"remote","description":"Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0077":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1589":{"scope":"remote","description":"Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2376":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1937":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0078":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1580":{"scope":"remote","description":"Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2371":{"scope":"remote","description":"Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0071":{"scope":"remote","description":"Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2811":{"scope":"remote","description":"The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2370":{"scope":"remote","description":"Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0072":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1582":{"scope":"remote","description":"The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2210":{"debianbug":535124,"scope":"remote","description":"Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1581":{"scope":"remote","description":"Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0070":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1940":{"scope":"remote","description":"Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1941":{"scope":"remote","description":"Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1575":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0084":{"scope":"remote","description":"The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\"","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0085":{"scope":"remote","description":"Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1574":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1944":{"scope":"remote","description":"The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1945":{"scope":"remote","description":"Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-1577":{"scope":"remote","description":"The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1576":{"scope":"remote","description":"Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1946":{"scope":"remote","description":"Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3232":{"scope":"remote","description":"YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1947":{"scope":"remote","description":"Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1948":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1578":{"debianbug":765435,"scope":"remote","description":"The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.","releases":{"jessie":{"fixed_version":"31.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1939":{"scope":"remote","description":"jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.","releases":{"jessie":{"fixed_version":"10.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2803":{"scope":"remote","description":"The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2802":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's \"privilege level.\"","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0083":{"scope":"remote","description":"Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2463":{"scope":"remote","description":"Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.","releases":{"jessie":{"fixed_version":"3.0~rc2-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0080":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.1.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2809":{"scope":"remote","description":"Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0040":{"debianbug":516256,"scope":"remote","description":"The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2807":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1950":{"scope":"remote","description":"The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1951":{"scope":"remote","description":"Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1952":{"scope":"remote","description":"The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1953":{"scope":"remote","description":"The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1954":{"scope":"remote","description":"Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1955":{"scope":"remote","description":"Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1956":{"scope":"remote","description":"Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1957":{"scope":"remote","description":"An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1958":{"scope":"remote","description":"Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1959":{"scope":"remote","description":"Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0175":{"scope":"remote","description":"Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2835":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0176":{"scope":"remote","description":"Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a \"dangling pointer vulnerability.\"","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0173":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0174":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0171":{"scope":"remote","description":"Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3670":{"scope":"remote","description":"Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.  NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\"","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2836":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.","releases":{"jessie":{"fixed_version":"1:45.3.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1961":{"scope":"remote","description":"Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1962":{"scope":"remote","description":"Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1963":{"scope":"remote","description":"The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1836":{"debianbug":535124,"scope":"remote","description":"Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1964":{"scope":"remote","description":"The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1838":{"debianbug":535124,"scope":"remote","description":"The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1967":{"scope":"remote","description":"Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.","releases":{"jessie":{"fixed_version":"10.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1832":{"debianbug":535124,"scope":"remote","description":"Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving \"double frame construction.\"","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0167":{"scope":"remote","description":"The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1977":{"scope":"remote","description":"The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0163":{"scope":"remote","description":"Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-1974":{"scope":"remote","description":"The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1979":{"scope":"remote","description":"Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.","releases":{"jessie":{"fixed_version":"38.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0800":{"scope":"remote","description":"Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0169":{"scope":"remote","description":"The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0801":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1970":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1972":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1973":{"scope":"remote","description":"Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6674":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1974":{"scope":"remote","description":"Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6673":{"scope":"remote","description":"Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1975":{"scope":"remote","description":"Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1976":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6671":{"scope":"remote","description":"The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1962":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1961":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1960":{"scope":"remote","description":"Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1841":{"debianbug":535124,"scope":"remote","description":"js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1966":{"scope":"remote","description":"The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1964":{"scope":"remote","description":"Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2818":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"1:45.2.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5430":{"scope":"remote","description":"Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many \"Content-type: message/rfc822;\" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.","releases":{"jessie":{"repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-5595":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5596":{"scope":"remote","description":"The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5593":{"scope":"remote","description":"The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5591":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5592":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4582":{"scope":"remote","description":"Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5590":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2800":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1950":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2801":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2802":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5599":{"scope":"remote","description":"Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1954":{"scope":"remote","description":"The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5597":{"scope":"remote","description":"Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0182":{"scope":"remote","description":"The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.","releases":{"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5598":{"scope":"remote","description":"PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2807":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1957":{"scope":"remote","description":"Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2805":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2806":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"1:45.1.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1526":{"scope":"remote","description":"The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5024":{"scope":"remote","description":"Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1525":{"scope":"remote","description":"The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1527":{"scope":"remote","description":"Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4058":{"scope":"remote","description":"The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0008":{"scope":"remote","description":"Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \"Master Secret\", which results in a heap-based overflow.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4059":{"scope":"remote","description":"The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to \"pollute XPCNativeWrappers\" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1529":{"scope":"remote","description":"The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0009":{"scope":"remote","description":"Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0776":{"debianbug":535124,"scope":"remote","description":"nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1522":{"scope":"remote","description":"The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1524":{"scope":"remote","description":"The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5021":{"scope":"remote","description":"nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1523":{"scope":"remote","description":"Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5022":{"scope":"remote","description":"The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1585":{"scope":"remote","description":"The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.","releases":{"jessie":{"fixed_version":"3.0.11-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0774":{"debianbug":535124,"scope":"remote","description":"The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0773":{"debianbug":535124,"scope":"remote","description":"The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains \"some non-set elements,\" which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0652":{"debianbug":535124,"scope":"remote","description":"The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233.  NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0772":{"debianbug":535124,"scope":"remote","description":"The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0771":{"debianbug":535124,"scope":"remote","description":"The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3769":{"scope":"remote","description":"The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.","releases":{"jessie":{"fixed_version":"3.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3768":{"scope":"remote","description":"Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.","releases":{"jessie":{"fixed_version":"3.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4841":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid \"%\" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3765":{"scope":"remote","description":"Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.","releases":{"jessie":{"fixed_version":"3.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5012":{"scope":"remote","description":"Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker.  NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1514":{"scope":"remote","description":"vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5291":{"scope":"local","description":"A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5014":{"scope":"remote","description":"jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5294":{"scope":"local","description":"The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4513":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5016":{"scope":"remote","description":"The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1519":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5017":{"scope":"remote","description":"Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1518":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"24.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5018":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to \"insufficient class checking\" in the Date class.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5290":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9899":{"scope":"remote","description":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9898":{"scope":"remote","description":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9897":{"scope":"remote","description":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5296":{"scope":"remote","description":"A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1511":{"scope":"remote","description":"Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1510":{"scope":"remote","description":"The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9895":{"scope":"remote","description":"Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1513":{"scope":"remote","description":"TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5297":{"scope":"remote","description":"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1512":{"scope":"remote","description":"Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9893":{"scope":"remote","description":"Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1211":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1212":{"scope":"remote","description":"js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1930":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1935":{"scope":"remote","description":"Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.","releases":{"jessie":{"fixed_version":"38.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1213":{"scope":"remote","description":"The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1504":{"scope":"remote","description":"The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1506":{"scope":"remote","description":"Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1505":{"scope":"remote","description":"The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1508":{"scope":"remote","description":"The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1509":{"scope":"remote","description":"Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6630":{"debianbug":729867,"scope":"remote","description":"The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3957":{"scope":"remote","description":"Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3956":{"scope":"remote","description":"Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1500":{"scope":"remote","description":"Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3959":{"scope":"remote","description":"Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3958":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1502":{"scope":"remote","description":"The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1501":{"scope":"remote","description":"Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the \"Open Link in New Tab\" menu selection.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3062":{"scope":"remote","description":"Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0449":{"scope":"remote","description":"Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0447":{"scope":"remote","description":"Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0446":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0445":{"scope":"remote","description":"Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0444":{"debianbug":664197,"scope":"remote","description":"Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0442":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0159":{"scope":"remote","description":"The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3960":{"scope":"remote","description":"Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3962":{"scope":"remote","description":"Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3961":{"scope":"remote","description":"Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3964":{"scope":"remote","description":"Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3963":{"scope":"remote","description":"Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3966":{"scope":"remote","description":"Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3968":{"scope":"remote","description":"Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3967":{"scope":"remote","description":"The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3969":{"scope":"remote","description":"Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3079":{"scope":"remote","description":"The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0459":{"scope":"remote","description":"The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0458":{"scope":"remote","description":"Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0457":{"scope":"remote","description":"Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0456":{"scope":"remote","description":"The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0455":{"scope":"remote","description":"Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a \"DragAndDropJacking\" issue.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0452":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0451":{"scope":"remote","description":"CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3778":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0450":{"scope":"local","description":"Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-3776":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1380":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page.  NOTE: this is due to an incorrect fix for CVE-2008-1237.","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9066":{"scope":"remote","description":"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3971":{"scope":"remote","description":"Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3970":{"scope":"remote","description":"Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5500":{"scope":"remote","description":"The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5501":{"scope":"remote","description":"The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3972":{"scope":"remote","description":"The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5502":{"scope":"remote","description":"The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3975":{"scope":"remote","description":"The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2867":{"scope":"remote","description":"Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.","releases":{"jessie":{"fixed_version":"2.0.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5503":{"scope":"remote","description":"The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2868":{"scope":"remote","description":"Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.","releases":{"jessie":{"fixed_version":"2.0.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2791":{"scope":"remote","description":"The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8639":{"scope":"remote","description":"Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.","releases":{"jessie":{"fixed_version":"31.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2792":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8638":{"scope":"remote","description":"The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.","releases":{"jessie":{"fixed_version":"31.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2793":{"scope":"remote","description":"CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3978":{"scope":"remote","description":"The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2794":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8634":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2790":{"scope":"remote","description":"The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2799":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3169":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2708":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3168":{"scope":"remote","description":"Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6499":{"scope":"remote","description":"The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3167":{"scope":"remote","description":"The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a \"dangling pointer vulnerability.\"","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6498":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2795":{"scope":"remote","description":"The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3166":{"scope":"remote","description":"Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.","releases":{"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0469":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6497":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2796":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0468":{"scope":"remote","description":"The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2797":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0467":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2798":{"scope":"remote","description":"The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5506":{"scope":"remote","description":"Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\"","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0464":{"scope":"remote","description":"Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5507":{"scope":"remote","description":"Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5508":{"scope":"remote","description":"Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0462":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0461":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0460":{"scope":"remote","description":"Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.","releases":{"jessie":{"fixed_version":"10.0.3-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3980":{"scope":"remote","description":"The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.","releases":{"jessie":{"fixed_version":"10.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3982":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3984":{"scope":"remote","description":"Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3983":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3986":{"scope":"remote","description":"Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3985":{"scope":"remote","description":"Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3988":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3989":{"scope":"remote","description":"Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0479":{"scope":"remote","description":"Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0478":{"scope":"remote","description":"The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0477":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0475":{"debianbug":703071,"scope":"remote","description":"Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0474":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka \"Universal XSS (UXSS).\"","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0473":{"scope":"remote","description":"The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0472":{"scope":"remote","description":"The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6629":{"debianbug":729867,"scope":"remote","description":"The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0471":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0470":{"scope":"remote","description":"Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of \"different number systems.\"","releases":{"jessie":{"fixed_version":"10.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3991":{"scope":"remote","description":"Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3735":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.","releases":{"jessie":{"fixed_version":"2.0.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3990":{"scope":"remote","description":"Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3734":{"debianbug":444010,"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.","releases":{"jessie":{"fixed_version":"2.0.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2012-3993":{"scope":"remote","description":"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3992":{"scope":"remote","description":"Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3995":{"scope":"remote","description":"The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3994":{"scope":"remote","description":"Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.","releases":{"jessie":{"fixed_version":"10.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1558":{"scope":"remote","description":"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.  NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.","releases":{"jessie":{"fixed_version":"2.0.0.4-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-7749":{"scope":"remote","description":"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3183":{"scope":"remote","description":"The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a \"dangling pointer\" and the JS_ValueToId function.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3182":{"scope":"local","description":"A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3180":{"scope":"remote","description":"Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2726":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2725":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2724":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2721":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3845":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching \"a file handling program based on the file extension at the end of the URI,\" a variant of CVE-2007-4041.  NOTE: the vendor states that \"it is still possible to launch a filetype handler based on extension rather than the registered protocol handler.\"","releases":{"jessie":{"fixed_version":"2.0.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-3844":{"scope":"remote","description":"Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka \"Cross Context Scripting.\" NOTE: this issue is caused by a CVE-2007-3089 regression.","releases":{"jessie":{"fixed_version":"2.0.0.6-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1235":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka \"Privilege escalation via incorrect principals.\"","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1234":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka \"Universal XSS using event handlers.\"","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1233":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via \"XPCNativeWrapper pollution.\"","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7758":{"scope":"remote","description":"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7757":{"scope":"remote","description":"A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5829":{"scope":"remote","description":"Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7752":{"scope":"remote","description":"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7751":{"scope":"remote","description":"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3179":{"scope":"remote","description":"Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7750":{"scope":"remote","description":"A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3178":{"scope":"remote","description":"Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7756":{"scope":"remote","description":"A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2716":{"scope":"remote","description":"Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1237":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7754":{"scope":"remote","description":"An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1236":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.","releases":{"jessie":{"fixed_version":"2.0.0.14-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3174":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.0.9-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7753":{"debianbug":872834,"scope":"remote","description":"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2713":{"scope":"remote","description":"Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3075":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.","releases":{"jessie":{"fixed_version":"3.0~rc2-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2710":{"scope":"remote","description":"Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3072":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.","releases":{"jessie":{"fixed_version":"3.0~rc2-2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5830":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7809":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5833":{"scope":"remote","description":"The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7804":{"scope":"remote","description":"The destructor function for the \"WindowsDllDetourPatcher\" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7803":{"debianbug":872834,"scope":"remote","description":"When a page's content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5838":{"scope":"remote","description":"The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7802":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5835":{"scope":"remote","description":"Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7801":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5836":{"scope":"remote","description":"Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7807":{"debianbug":872834,"scope":"remote","description":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5839":{"scope":"remote","description":"Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5603":{"scope":"remote","description":"Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5604":{"scope":"remote","description":"The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5601":{"scope":"remote","description":"Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5602":{"scope":"remote","description":"The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7800":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7194":{"scope":"remote","description":"Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5600":{"scope":"remote","description":"Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.","releases":{"jessie":{"fixed_version":"17.0.10-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7193":{"scope":"remote","description":"Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7198":{"scope":"remote","description":"Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7197":{"scope":"remote","description":"Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5609":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7199":{"scope":"remote","description":"The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2741":{"scope":"remote","description":"Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2740":{"scope":"remote","description":"Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5840":{"scope":"remote","description":"Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5841":{"scope":"remote","description":"Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5842":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2605":{"scope":"remote","description":"CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \\n (newline) character, which is not properly handled in a JavaScript \"document.cookie =\" expression, a different vulnerability than CVE-2011-2374.","releases":{"jessie":{"fixed_version":"3.1.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5843":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5615":{"scope":"remote","description":"The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7181":{"scope":"remote","description":"The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5613":{"scope":"remote","description":"Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5610":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7183":{"scope":"remote","description":"Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2739":{"scope":"remote","description":"The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7182":{"scope":"remote","description":"Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2738":{"scope":"remote","description":"The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2737":{"scope":"remote","description":"The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2736":{"scope":"remote","description":"The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2735":{"scope":"remote","description":"nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2734":{"scope":"remote","description":"The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.","releases":{"jessie":{"fixed_version":"31.8.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7189":{"scope":"remote","description":"Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0797":{"debianbug":784220,"scope":"remote","description":"GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.","releases":{"jessie":{"fixed_version":"31.7.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7188":{"scope":"remote","description":"Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-5618":{"scope":"remote","description":"Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2731":{"scope":"remote","description":"Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5616":{"scope":"remote","description":"Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5405":{"scope":"remote","description":"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7825":{"scope":"remote","description":"Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5404":{"scope":"remote","description":"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5407":{"scope":"remote","description":"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5408":{"scope":"remote","description":"Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5401":{"scope":"remote","description":"A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5464":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"1.5.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-1526":{"scope":"remote","description":"The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5463":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.","releases":{"jessie":{"fixed_version":"1.5.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-5402":{"scope":"remote","description":"A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5462":{"scope":"remote","description":"Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.","releases":{"jessie":{"fixed_version":"1.5.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-5400":{"scope":"remote","description":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1523":{"scope":"remote","description":"The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.","releases":{"jessie":{"fixed_version":"38.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0776":{"scope":"remote","description":"Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-6961":{"scope":"remote","description":"mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5510":{"scope":"remote","description":"The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0775":{"scope":"local","description":"Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5511":{"scope":"remote","description":"Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an \"unloaded document.\"","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5512":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which \"page content can pollute XPCNativeWrappers.\"","releases":{"jessie":{"fixed_version":"2.0.0.19-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0777":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.","releases":{"jessie":{"fixed_version":"1.5.0.10.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1199":{"scope":"remote","description":"Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.","releases":{"jessie":{"fixed_version":"3.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1196":{"scope":"remote","description":"Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"3.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5410":{"scope":"remote","description":"Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2999":{"scope":"remote","description":"Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle \"location\" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.","releases":{"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2998":{"scope":"remote","description":"Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.","releases":{"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2996":{"scope":"remote","description":"Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2991":{"scope":"remote","description":"The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9900":{"scope":"remote","description":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1680":{"scope":"remote","description":"Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2018":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.","releases":{"jessie":{"fixed_version":"24.2.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2995":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2992":{"scope":"remote","description":"The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1686":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0807":{"scope":"remote","description":"The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.","releases":{"jessie":{"fixed_version":"31.6.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1685":{"scope":"remote","description":"Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9905":{"scope":"remote","description":"A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1687":{"scope":"remote","description":"The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9904":{"scope":"remote","description":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"jessie":{"fixed_version":"1:45.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1682":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1681":{"scope":"remote","description":"Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1684":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0801":{"scope":"remote","description":"Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.","releases":{"jessie":{"fixed_version":"31.6.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1683":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5383":{"scope":"remote","description":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5380":{"scope":"remote","description":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1690":{"scope":"remote","description":"Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1697":{"scope":"remote","description":"The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5398":{"scope":"remote","description":"Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5396":{"scope":"remote","description":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1693":{"scope":"remote","description":"The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1692":{"scope":"remote","description":"Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1694":{"scope":"remote","description":"The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5390":{"scope":"remote","description":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3835":{"scope":"remote","description":"The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-5045":{"scope":"remote","description":"Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox \"-chrome\" argument.  NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1392":{"debianbug":535124,"scope":"remote","description":"The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4202":{"scope":"remote","description":"Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4201":{"scope":"remote","description":"The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4204":{"scope":"remote","description":"The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4205":{"scope":"remote","description":"Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4208":{"scope":"remote","description":"The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4207":{"scope":"remote","description":"The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"jessie":{"fixed_version":"31.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4209":{"scope":"remote","description":"Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0827":{"scope":"remote","description":"Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.","releases":{"jessie":{"fixed_version":"31.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0822":{"scope":"remote","description":"The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.","releases":{"jessie":{"fixed_version":"31.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7213":{"scope":"remote","description":"Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.","releases":{"jessie":{"fixed_version":"38.5.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7575":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.","releases":{"jessie":{"fixed_version":"38.6.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7212":{"scope":"remote","description":"Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.","releases":{"jessie":{"fixed_version":"38.5.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1669":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7214":{"scope":"remote","description":"Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.","releases":{"jessie":{"fixed_version":"38.5.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2988":{"scope":"remote","description":"Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7205":{"scope":"remote","description":"Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.","releases":{"jessie":{"fixed_version":"38.5.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2987":{"scope":"remote","description":"Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4213":{"scope":"remote","description":"Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2986":{"scope":"remote","description":"Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4212":{"scope":"remote","description":"Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2985":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4215":{"scope":"remote","description":"Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4214":{"scope":"remote","description":"Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4217":{"scope":"remote","description":"Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4216":{"scope":"remote","description":"Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"10.0.11-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2989":{"scope":"remote","description":"The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1496":{"scope":"local","description":"Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2980":{"scope":"local","description":"Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4218":{"scope":"remote","description":"Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1498":{"scope":"remote","description":"The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1497":{"scope":"remote","description":"The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2984":{"scope":"remote","description":"Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6505":{"scope":"remote","description":"Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2014-1499":{"scope":"remote","description":"Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2983":{"scope":"remote","description":"Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6504":{"scope":"remote","description":"Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2011-2982":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6503":{"scope":"remote","description":"Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2011-2981":{"scope":"remote","description":"The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.","releases":{"jessie":{"fixed_version":"3.1.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6502":{"scope":"remote","description":"Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1675":{"scope":"remote","description":"Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6501":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.","releases":{"jessie":{"fixed_version":"1.5.0.9.dfsg1-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1674":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6500":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1677":{"scope":"remote","description":"The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1490":{"scope":"remote","description":"Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0815":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.6.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1676":{"scope":"remote","description":"The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0816":{"scope":"remote","description":"Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.","releases":{"jessie":{"fixed_version":"31.6.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1492":{"scope":"remote","description":"The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0813":{"scope":"remote","description":"Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.","releases":{"jessie":{"fixed_version":"31.6.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0304":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-1491":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.","releases":{"jessie":{"fixed_version":"24.3.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1670":{"scope":"remote","description":"The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1494":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1672":{"scope":"local","description":"The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1493":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"24.4.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7200":{"scope":"remote","description":"The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.","releases":{"jessie":{"fixed_version":"38.4.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1679":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7201":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"38.5.0-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1678":{"scope":"remote","description":"The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3647":{"scope":"remote","description":"The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.","releases":{"jessie":{"fixed_version":"3.1.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3648":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.","releases":{"jessie":{"fixed_version":"3.1.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7763":{"scope":"remote","description":"Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0795":{"scope":"remote","description":"The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.7-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0796":{"scope":"remote","description":"The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2799":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7765":{"scope":"remote","description":"The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2798":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0016":{"scope":"remote","description":"Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.","releases":{"jessie":{"fixed_version":"2.0.0.17-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7764":{"scope":"remote","description":"Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0793":{"scope":"remote","description":"Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2785":{"debianbug":488358,"scope":"remote","description":"Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.","releases":{"jessie":{"fixed_version":"2.0.0.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7779":{"debianbug":872834,"scope":"remote","description":"Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3650":{"scope":"remote","description":"Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.","releases":{"jessie":{"fixed_version":"3.1.16-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7774":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5633":{"scope":"remote","description":"Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference.  NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.","releases":{"jessie":{"repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-7773":{"scope":"remote","description":"Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7772":{"scope":"remote","description":"Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5472":{"scope":"remote","description":"A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7771":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7778":{"scope":"remote","description":"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7777":{"scope":"remote","description":"Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0836":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"31.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7776":{"scope":"remote","description":"Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0833":{"scope":"local","description":"Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0831":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.","releases":{"jessie":{"fixed_version":"31.5.0-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4039":{"scope":"remote","description":"Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5470":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"jessie":{"fixed_version":"1:52.2.1-4~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0594":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5748":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.","releases":{"jessie":{"fixed_version":"1.5.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0592":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a \"Content-Disposition: attachment\" and an invalid \"Content-Type: plain/text,\" which prevents Firefox from rendering future plain text files within the browser.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5747":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.","releases":{"jessie":{"fixed_version":"1.5.0.8-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0593":{"scope":"remote","description":"Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0591":{"scope":"remote","description":"Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the \"dialog refocus bug\" or \"ffclick2\".","releases":{"jessie":{"fixed_version":"2.0.0.12-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7785":{"debianbug":872834,"scope":"remote","description":"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0772":{"scope":"remote","description":"The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0773":{"debianbug":703071,"scope":"remote","description":"The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7784":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0774":{"scope":"remote","description":"Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0775":{"debianbug":703071,"scope":"remote","description":"Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7782":{"scope":"remote","description":"An error in the \"WindowsDllDetourPatcher\" where a RWX (\"Read/Write/Execute\") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0770":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7787":{"debianbug":872834,"scope":"remote","description":"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7786":{"debianbug":872834,"scope":"remote","description":"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0771":{"scope":"remote","description":"Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0776":{"debianbug":703071,"scope":"remote","description":"Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0777":{"scope":"remote","description":"Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0778":{"scope":"remote","description":"The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0779":{"scope":"remote","description":"The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9074":{"scope":"remote","description":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9079":{"scope":"remote","description":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.","releases":{"jessie":{"fixed_version":"1:45.5.1-1~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5375":{"scope":"remote","description":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0783":{"debianbug":703071,"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5376":{"scope":"remote","description":"Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0784":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5373":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0780":{"debianbug":703071,"scope":"remote","description":"Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0781":{"scope":"remote","description":"Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5378":{"scope":"remote","description":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"jessie":{"fixed_version":"1:45.8.0-3~deb8u1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0782":{"debianbug":703071,"scope":"remote","description":"Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2061":{"debianbug":535124,"scope":"remote","description":"Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.","releases":{"jessie":{"fixed_version":"2.0.0.22-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0973":{"debianbug":773823,"scope":"remote","description":"Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7792":{"debianbug":872834,"scope":"remote","description":"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0787":{"scope":"remote","description":"Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7791":{"debianbug":872834,"scope":"remote","description":"On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"jessie":{"fixed_version":"1:52.3.0-4~deb8u2","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0788":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"jessie":{"fixed_version":"17.0.5-1","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0789":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1:52.3.0-4~deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6836":{"scope":"remote","description":"Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.","releases":{"buster":{"fixed_version":"1.12.9-1","repositories":{"buster":"1.12.44-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.12.9-1","repositories":{"stretch":"1.12.32-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.12.9-1","repositories":{"jessie":"1.12.18-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.12.9-1","repositories":{"sid":"1.12.44-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2491":{"debianbug":324531,"scope":"remote","description":"Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.5.1-1","repositories":{"buster":"1.12.44-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.5.1-1","repositories":{"stretch":"1.12.32-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.5.1-1","repositories":{"jessie":"1.12.18-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.5.1-1","repositories":{"sid":"1.12.44-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0668":{"scope":"remote","description":"The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.8.1-1","repositories":{"buster":"1.12.44-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.8.1-1","repositories":{"stretch":"1.12.32-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.8.1-1","repositories":{"jessie":"1.12.18-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.8.1-1","repositories":{"sid":"1.12.44-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0318":{"debianbug":513418,"scope":"local","description":"Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).","releases":{"buster":{"fixed_version":"1.8.4-3","repositories":{"buster":"1.12.44-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.4-3","repositories":{"stretch":"1.12.32-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.4-3","repositories":{"jessie":"1.12.18-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.4-3","repositories":{"sid":"1.12.44-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6814":{"debianbug":851408,"scope":"remote","description":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.","releases":{"jessie":{"fixed_version":"2.2.2+dfsg-3+deb8u2","repositories":{"jessie":"2.2.2+dfsg-3+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3253":{"debianbug":793397,"scope":"remote","description":"The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.","releases":{"jessie":{"fixed_version":"2.2.2+dfsg-3+deb8u1","repositories":{"jessie":"2.2.2+dfsg-3+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-7320":{"scope":"local","description":"** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.","releases":{"buster":{"repositories":{"buster":"3.30.1.1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.20.0-3.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.14.0-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.30.1.1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5357":{"scope":"remote","description":"regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.15-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.10-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.15-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6939":{"scope":"local","description":"GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.","releases":{"buster":{"fixed_version":"0.2-19","repositories":{"buster":"1.15-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.2-19","repositories":{"stretch":"1.10-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.2-19","repositories":{"jessie":"1.10-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.2-19","repositories":{"sid":"1.15-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3916":{"scope":"remote","description":"Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename.  NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.","releases":{"buster":{"fixed_version":"0.7-2","repositories":{"buster":"1.15-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.7-2","repositories":{"stretch":"1.10-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.7-2","repositories":{"jessie":"1.10-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.7-2","repositories":{"sid":"1.15-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1577":{"scope":"remote","description":"Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.","releases":{"buster":{"fixed_version":"15.6-1","repositories":{"buster":"15.9-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"15.6-1","repositories":{"stretch":"15.8b-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"15.6-1","repositories":{"jessie":"15.8a-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"15.6-1","repositories":{"sid":"15.9-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2541":{"debianbug":340177,"scope":"local","description":"Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.","releases":{"buster":{"fixed_version":"15.5+cvs20050816-1.1","repositories":{"buster":"15.9-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"15.5+cvs20050816-1.1","repositories":{"stretch":"15.8b-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"15.5+cvs20050816-1.1","repositories":{"jessie":"15.8a-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"15.5+cvs20050816-1.1","repositories":{"sid":"15.9-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0996":{"debianbug":282815,"scope":"local","description":"main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"15.5-1.1","repositories":{"buster":"15.9-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"15.5-1.1","repositories":{"stretch":"15.8b-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"15.5-1.1","repositories":{"jessie":"15.8a-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"15.5-1.1","repositories":{"sid":"15.9-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2006-4262":{"debianbug":385893,"scope":"remote","description":"Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.","releases":{"buster":{"fixed_version":"15.5+cvs20060902-1","repositories":{"buster":"15.9-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"15.5+cvs20060902-1","repositories":{"stretch":"15.8b-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"15.5+cvs20060902-1","repositories":{"jessie":"15.8a-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"15.5+cvs20060902-1","repositories":{"sid":"15.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0148":{"debianbug":528510,"scope":"remote","description":"Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.","releases":{"buster":{"fixed_version":"15.7a-1","repositories":{"buster":"15.9-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"15.7a-1","repositories":{"stretch":"15.8b-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"15.7a-1","repositories":{"jessie":"15.8a-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"15.7a-1","repositories":{"sid":"15.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-0806":{"debianbug":466382,"scope":"local","description":"wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.","releases":{"buster":{"fixed_version":"1.4.3b-4","repositories":{"buster":"1.4.6-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.3b-4","repositories":{"stretch":"1.4.6-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.3b-4","repositories":{"sid":"1.4.6-4"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0302790-27DC0A":{"debianbug":302790,"releases":{"buster":{"fixed_version":"2.0.14-2","repositories":{"buster":"2.0.14-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.14-2","repositories":{"stretch":"2.0.14-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.14-2","repositories":{"jessie":"2.0.14-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.14-2","repositories":{"sid":"2.0.14-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-11675":{"debianbug":928304,"scope":"local","description":"The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server.","releases":{"buster":{"fixed_version":"9.0.0-1+deb10u1","repositories":{"buster":"9.0.0-1+deb10u1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed via point release","repositories":{"stretch":"6.1.5-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"9.0.1-2","repositories":{"sid":"9.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5314":{"debianbug":804708,"scope":"remote","description":"The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.","releases":{"buster":{"fixed_version":"2.3-2.3","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.3","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5315":{"debianbug":804708,"scope":"remote","description":"The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.","releases":{"buster":{"fixed_version":"2.3-2.3","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.3","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5316":{"debianbug":804710,"scope":"remote","description":"The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.","releases":{"buster":{"fixed_version":"2.3-2.3","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.3","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2389":{"scope":"local","description":"hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4445":{"debianbug":689990,"scope":"remote","description":"Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set.","releases":{"buster":{"fixed_version":"1.0-3","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0-3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0-3","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10743":{"scope":"remote","description":"hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.","releases":{"buster":{"fixed_version":"2:2.6-7","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"2.3-1+deb8u7","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:2.6-7","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3686":{"debianbug":765352,"scope":"remote","description":"wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.","releases":{"buster":{"fixed_version":"2.3-1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"2.3-1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"2.3-1","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"2.3-1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-4477":{"debianbug":823411,"scope":"local","description":"wpa_supplicant 0.4.0 through 2.5 does not reject \\n and \\r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.","releases":{"buster":{"fixed_version":"2.3-2.4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.4","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u4","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4476":{"debianbug":823411,"scope":"remote","description":"hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \\n and \\r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.","releases":{"buster":{"fixed_version":"2.3-2.4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.4","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u4","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11555":{"debianbug":927463,"scope":"remote","description":"The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-5","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-5","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8041":{"debianbug":795740,"scope":"remote","description":"Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14526":{"debianbug":905739,"scope":"remote","description":"An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.","releases":{"buster":{"fixed_version":"2:2.6-18","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u6","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.6-18","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13088":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4141":{"debianbug":787372,"scope":"remote","description":"The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4142":{"debianbug":787373,"scope":"remote","description":"Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4143":{"debianbug":787371,"scope":"remote","description":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5310":{"debianbug":804707,"scope":"remote","description":"The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.","releases":{"buster":{"fixed_version":"2.3-2.3","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.3-2.3","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4144":{"debianbug":787371,"scope":"remote","description":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4145":{"debianbug":787371,"scope":"remote","description":"The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4146":{"debianbug":787371,"scope":"remote","description":"The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.","releases":{"buster":{"fixed_version":"2.3-2.2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2.2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u3","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2.2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9497":{"debianbug":926801,"scope":"remote","description":"The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9496":{"debianbug":926801,"scope":"remote","description":"An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"SAE code not enabled for build in stretch","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"SAE code not enabled for build in jessie","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9499":{"debianbug":926801,"scope":"remote","description":"The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9498":{"debianbug":926801,"scope":"remote","description":"The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9495":{"debianbug":926801,"scope":"remote","description":"The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u3","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9494":{"debianbug":926801,"scope":"remote","description":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.","releases":{"buster":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"SAE code not enabled for build in stretch","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"SAE code not enabled for build in jessie","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2:2.7+git20190128+0c1e29f-4","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13086":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13087":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13084":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.","releases":{"buster":{"repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-13082":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13080":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13081":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13079":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-13077":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13078":{"scope":"remote","description":"Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.","releases":{"buster":{"fixed_version":"2:2.4-1.1","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:2.4-1+deb9u1","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u5","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:2.4-1.1","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-1863":{"debianbug":783148,"scope":"remote","description":"Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.","releases":{"buster":{"fixed_version":"2.3-2","repositories":{"buster":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3-2","repositories":{"stretch-security":"2:2.4-1+deb9u3","stretch":"2:2.4-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.3-1+deb8u1","repositories":{"jessie":"2.3-1+deb8u5","jessie-security":"2.3-1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3-2","repositories":{"sid":"2:2.7+git20190128+0c1e29f-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1034":{"scope":"remote","description":"Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.","releases":{"stretch":{"fixed_version":"0.4-rc1","repositories":{"stretch":"0.5.908-3.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4-rc1","repositories":{"jessie":"0.5.908-3.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1692":{"debianbug":310712,"scope":"remote","description":"Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.","releases":{"stretch":{"fixed_version":"0.4.7-0.1","repositories":{"stretch":"0.5.908-3.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.4.7-0.1","repositories":{"jessie":"0.5.908-3.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-0406":{"debianbug":405876,"scope":"local","description":"Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable.  NOTE: some of these details are obtained from third party information.","releases":{"stretch":{"fixed_version":"0.5.8-2","repositories":{"stretch":"0.5.908-3.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.5.8-2","repositories":{"jessie":"0.5.908-3.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-5139":{"debianbug":410548,"scope":"local","description":"updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.","releases":{"jessie":{"fixed_version":"0.4-10","repositories":{"jessie":"0.4-17"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3590":{"scope":"remote","description":"The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.0.14-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.7-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3588":{"scope":"remote","description":"The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.0.14-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.7-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3589":{"scope":"remote","description":"The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.0.14-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.7-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0267":{"scope":"local","description":"The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.0.14-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.7-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.0.18-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10369":{"debianbug":862098,"scope":"local","description":"unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).","releases":{"buster":{"fixed_version":"0.3.0-2","repositories":{"buster":"0.3.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3.0-2","repositories":{"stretch":"0.3.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.2.0-1+deb8u1","repositories":{"jessie":"0.2.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.0-2","repositories":{"sid":"0.3.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17142":{"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a \"panic: runtime error\" in parseCurrentToken in parse.go during an html.Parse call.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17143":{"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a \"panic: runtime error\" in inBodyIM in parse.go during an html.Parse call.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17075":{"scope":"remote","description":"The html package (aka x/net/html) before 2018-07-13 in Go mishandles \"in frameset\" insertion mode, leading to a \"panic: runtime error\" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17847":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg><\/template>, leading to a \"panic: runtime error\" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2018-17848":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b><\/template>, leading to a \"panic: runtime error\" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2018-17846":{"debianbug":911795,"scope":"remote","description":"The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select><\/table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.0~hg20131201-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2018-19492":{"scope":"remote","description":"An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.","releases":{"buster":{"repositories":{"buster":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"5.0.5+dfsg1-6+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"4.6.6-2+deb8u1","repositories":{"jessie":"4.6.6-2","jessie-security":"4.6.6-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9670":{"debianbug":864901,"scope":"remote","description":"An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.","releases":{"buster":{"fixed_version":"5.0.5+dfsg1-7","repositories":{"buster":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.0.5+dfsg1-6+deb9u1","repositories":{"stretch":"5.0.5+dfsg1-6+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.6.6-2","jessie-security":"4.6.6-2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.0.5+dfsg1-7","repositories":{"sid":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19491":{"scope":"remote","description":"An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the \"set font\" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.","releases":{"buster":{"repositories":{"buster":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"5.0.5+dfsg1-6+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"4.6.6-2+deb8u1","repositories":{"jessie":"4.6.6-2","jessie-security":"4.6.6-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-19490":{"scope":"remote","description":"An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.","releases":{"buster":{"repositories":{"buster":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"5.0.5+dfsg1-6+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"4.6.6-2+deb8u1","repositories":{"jessie":"4.6.6-2","jessie-security":"4.6.6-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"5.2.6+dfsg1-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-8855":{"scope":"remote","description":"The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\"","releases":{"buster":{"fixed_version":"5.3.0-1","repositories":{"buster":"5.5.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.3.0-1","repositories":{"stretch":"5.3.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.1.0-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"5.3.0-1","repositories":{"sid":"5.5.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17512":{"debianbug":881767,"scope":"remote","description":"sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.","releases":{"buster":{"fixed_version":"0.0.11","repositories":{"buster":"0.0.12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.0.9+deb9u1","repositories":{"stretch-security":"0.0.9+deb9u1","stretch":"0.0.9+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.0.9+deb8u1","repositories":{"jessie":"0.0.9+deb8u1","jessie-security":"0.0.9+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.0.11","repositories":{"sid":"0.0.12"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9578":{"debianbug":923874,"scope":"remote","description":"In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.","releases":{"buster":{"fixed_version":"1.1.9-1","repositories":{"buster":"1.1.9-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1.1.2-2+deb9u1","stretch":"1.1.2-2+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.1.9-1","repositories":{"sid":"1.1.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20340":{"debianbug":921726,"scope":"local","description":"Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.","releases":{"buster":{"fixed_version":"1.1.7-1","repositories":{"buster":"1.1.9-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2-2+deb9u1","repositories":{"stretch-security":"1.1.2-2+deb9u1","stretch":"1.1.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.7-1","repositories":{"sid":"1.1.9-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7961":{"debianbug":860961,"scope":"remote","description":"** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an \"outside the range of representable values of type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports \"This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.\"","releases":{"buster":{"fixed_version":"0.6.11-3","repositories":{"buster":"0.6.12-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.11-3","repositories":{"stretch":"0.6.11-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue; will be fixed via point release","repositories":{"jessie":"0.6.8-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.6.11-3","repositories":{"sid":"0.6.12-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7960":{"debianbug":860961,"scope":"remote","description":"The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.","releases":{"buster":{"fixed_version":"0.6.11-3","repositories":{"buster":"0.6.12-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.11-3","repositories":{"stretch":"0.6.11-3"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue; will be fixed via point release","repositories":{"jessie":"0.6.8-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.6.11-3","repositories":{"sid":"0.6.12-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8871":{"debianbug":864666,"scope":"remote","description":"The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.6.12-3"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.6.11-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.6.8-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.6.12-3"},"urgency":"low","status":"open"}}}}
{"CVE-2017-8834":{"debianbug":864666,"scope":"remote","description":"The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.6.12-3"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.6.11-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.6.8-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.6.12-3"},"urgency":"low","status":"open"}}}}
{"CVE-2016-1246":{"scope":"remote","description":"Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.","releases":{"buster":{"fixed_version":"4.037-1","repositories":{"buster":"4.050-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.037-1","repositories":{"stretch":"4.041-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.028-2+deb8u2","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.037-1","repositories":{"sid":"4.050-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8949":{"scope":"remote","description":"Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.","releases":{"buster":{"fixed_version":"4.035-1","repositories":{"buster":"4.050-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.035-1","repositories":{"stretch":"4.041-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.028-2+deb8u1","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.035-1","repositories":{"sid":"4.050-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1249":{"debianbug":844475,"scope":"remote","description":"The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.","releases":{"buster":{"fixed_version":"4.039-1","repositories":{"buster":"4.050-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.039-1","repositories":{"stretch":"4.041-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.039-1","repositories":{"sid":"4.050-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9906":{"scope":"remote","description":"Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.","releases":{"buster":{"fixed_version":"4.033-1","repositories":{"buster":"4.050-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.033-1","repositories":{"stretch":"4.041-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.028-2+deb8u1","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.033-1","repositories":{"sid":"4.050-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10789":{"debianbug":866821,"scope":"remote","description":"The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.","releases":{"buster":{"fixed_version":"4.046-1","repositories":{"buster":"4.050-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed via point release","repositories":{"stretch":"4.041-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue, can be fixed via point release","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.046-1","repositories":{"sid":"4.050-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10788":{"debianbug":866818,"scope":"remote","description":"The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.","releases":{"buster":{"fixed_version":"4.046-1","repositories":{"buster":"4.050-2"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue, can be fixed via point release","repositories":{"stretch":"4.041-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue, can be fixed via point release","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.046-1","repositories":{"sid":"4.050-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1251":{"scope":"remote","description":"There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.","releases":{"buster":{"fixed_version":"4.041-1","repositories":{"buster":"4.050-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.041-1","repositories":{"stretch":"4.041-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.028-2+deb8u2","jessie-security":"4.028-2+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.041-1","repositories":{"sid":"4.050-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2524":{"debianbug":741953,"scope":"local","description":"The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.","releases":{"jessie":{"fixed_version":"6.3-7","repositories":{"jessie":"6.3-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13797":{"scope":"remote","description":"The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.","releases":{"buster":{"fixed_version":"0.2.9-1","repositories":{"buster":"0.2.9-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.2.9-1","repositories":{"sid":"0.2.9-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20004":{"debianbug":918007,"scope":"remote","description":"An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type=\"real\">' substring, as demonstrated by testmxml.","releases":{"buster":{"fixed_version":"2.12-2","repositories":{"buster":"2.12-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.10-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.6-2+deb8u1","repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.12-2","repositories":{"sid":"2.12-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20005":{"scope":"remote","description":"An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.","releases":{"buster":{"repositories":{"buster":"2.12-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.10-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.12-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20592":{"debianbug":924353,"scope":"remote","description":"In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.12-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.10-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, only affected the mxmldoc tool","repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.12-2"},"urgency":"low","status":"open"}}}}
{"CVE-2016-4570":{"debianbug":825855,"scope":"remote","description":"The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.","releases":{"buster":{"fixed_version":"2.9-1","repositories":{"buster":"2.12-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.9-1","repositories":{"stretch":"2.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6-2+deb8u1","repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.9-1","repositories":{"sid":"2.12-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20593":{"debianbug":924353,"scope":"remote","description":"In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.12-2"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.10-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, only affects the mxmldoc tool","repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.12-2"},"urgency":"low","status":"open"}}}}
{"CVE-2016-4571":{"debianbug":825855,"scope":"remote","description":"The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.","releases":{"buster":{"fixed_version":"2.9-2","repositories":{"buster":"2.12-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.9-2","repositories":{"stretch":"2.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6-2+deb8u1","repositories":{"jessie":"2.6-2","jessie-security":"2.6-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.9-2","repositories":{"sid":"2.12-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3121":{"debianbug":429221,"scope":"remote","description":"Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.2.25-1","repositories":{"buster":"0.2.35-16"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.2.25-1","repositories":{"stretch":"0.2.35-13"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.2.25-1","repositories":{"jessie":"0.2.35-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.2.25-1","repositories":{"sid":"0.2.35-16"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0357":{"scope":"remote","description":"A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.","releases":{"buster":{"fixed_version":"2.1.1-1","repositories":{"buster":"2.3.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.1-1","repositories":{"stretch":"2.1.1-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.1-1","repositories":{"sid":"2.3.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3156":{"debianbug":787654,"scope":"local","description":"The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.","releases":{"stretch":{"repositories":{"stretch":"1:6.0.0-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2014.1.3-8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:10.0.0-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-7230":{"debianbug":765704,"scope":"local","description":"The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.","releases":{"stretch":{"fixed_version":"2014.1.3-1","repositories":{"stretch":"1:6.0.0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2014.1.3-1","repositories":{"jessie":"2014.1.3-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2014.1.3-1","repositories":{"sid":"1:10.0.0-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5873":{"debianbug":401742,"scope":"remote","description":"Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.","releases":{"buster":{"fixed_version":"2.1.21-1","repositories":{"buster":"2.2.1-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1.21-1","repositories":{"stretch":"2.2.1-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.1.21-1","repositories":{"jessie":"2.2.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1.21-1","repositories":{"sid":"2.2.1-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-1070":{"debianbug":619404,"releases":{"buster":{"fixed_version":"0.1.10-1","repositories":{"buster":"0.1.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.10-1","repositories":{"stretch":"0.1.10-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.10-1","repositories":{"jessie":"0.1.10-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.10-1","repositories":{"sid":"0.1.10-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5661":{"debianbug":860567,"scope":"remote","description":"In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.","releases":{"buster":{"fixed_version":"1:2.1-6","repositories":{"buster":"1:2.3-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.1-6","repositories":{"stretch":"1:2.1-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:1.1.dfsg2-1+deb8u1","repositories":{"jessie":"1:1.1.dfsg2-1+deb8u1","jessie-security":"1:1.1.dfsg2-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.1-6","repositories":{"sid":"1:2.3-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9741":{"debianbug":924630,"scope":"remote","description":"An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \\r\\n followed by an HTTP header or a Redis command.","releases":{"jessie":{"fixed_version":"2:1.3.3-1+deb8u2","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6574":{"scope":"local","description":"Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2015-8618":{"debianbug":809168,"scope":"remote","description":"The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5739":{"debianbug":795106,"scope":"remote","description":"The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\"","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-15042":{"scope":"remote","description":"An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.","releases":{"jessie":{"nodsa":"Minor issue, would require builds of all go packages in stable","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-6486":{"debianbug":920548,"scope":"remote","description":"Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.","releases":{"jessie":{"fixed_version":"2:1.3.3-1+deb8u1","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15041":{"scope":"remote","description":"Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-5386":{"scope":"remote","description":"The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.","releases":{"jessie":{"repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-7189":{"scope":"remote","description":"crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.","releases":{"jessie":{"fixed_version":"2:1.3.2-1","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000098":{"scope":"remote","description":"The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given \"maxMemory\" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"TEMP-0000000-1C4729":{"releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-1000097":{"scope":"remote","description":"On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-8932":{"debianbug":863307,"scope":"remote","description":"A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-7187":{"debianbug":895663,"scope":"remote","description":"The \"go get\" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for \"://\" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-3958":{"scope":"local","description":"Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3959":{"debianbug":820369,"scope":"remote","description":"The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2015-5740":{"debianbug":795106,"scope":"remote","description":"The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2015-5741":{"debianbug":795106,"releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.3.3-1","jessie-security":"2:1.3.3-1+deb8u2"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"}}}}
{"TEMP-0000000-62CF51":{"releases":{"buster":{"fixed_version":"2.0.2-1","repositories":{"buster":"4.1.1-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.2-1","repositories":{"stretch":"4.1.1-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.2-1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.2-1","repositories":{"sid":"4.1.1-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-2851":{"debianbug":817799,"scope":"remote","description":"Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"4.1.1-1","repositories":{"buster":"4.1.1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-1","repositories":{"stretch":"4.1.1-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-2+deb8u1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.1-1","repositories":{"sid":"4.1.1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3461":{"debianbug":684121,"scope":"remote","description":"The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value \"?OTR:===.\", which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.2.1-1","repositories":{"buster":"4.1.1-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.2.1-1","repositories":{"stretch":"4.1.1-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.2.1-1","repositories":{"jessie":"4.1.0-2+deb8u1","jessie-security":"4.1.0-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.2.1-1","repositories":{"sid":"4.1.1-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-6171":{"debianbug":729063,"scope":"remote","description":"checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.","releases":{"buster":{"fixed_version":"1:2.2.9-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.2.9-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.2.9-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.2.9-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4870":{"scope":"local","description":"dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.","releases":{"buster":{"repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-11494":{"debianbug":928235,"scope":"remote","description":"In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.","releases":{"buster":{"fixed_version":"1:2.3.4.1-5","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.3.4.1-5","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5301":{"debianbug":506031,"scope":"remote","description":"Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a \"..\" (dot dot) in a script name.","releases":{"buster":{"fixed_version":"1:1.0.15-2.3","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.0.15-2.3","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.0.15-2.3","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.0.15-2.3","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4577":{"debianbug":502967,"scope":"remote","description":"The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.","releases":{"buster":{"fixed_version":"1:1.0.15-2.2","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.0.15-2.2","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.0.15-2.2","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.0.15-2.2","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4318":{"debianbug":649511,"scope":"remote","description":"Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.","releases":{"buster":{"fixed_version":"1:2.0.18-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:2.0.18-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:2.0.18-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.0.18-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4578":{"debianbug":502967,"scope":"remote","description":"The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the \"k\" right to create unauthorized \"parent/child/child\" mailboxes.","releases":{"buster":{"fixed_version":"1:1.1.9-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.1.9-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.1.9-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.1.9-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-7524":{"scope":"local","description":"In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.","releases":{"buster":{"fixed_version":"1:2.3.4.1-3","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3+deb9u4","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u6","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.3.4.1-3","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15132":{"debianbug":888432,"scope":"remote","description":"A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.","releases":{"buster":{"fixed_version":"1:2.2.34-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3+deb9u2","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u4","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.2.34-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14461":{"debianbug":891819,"scope":"remote","description":"A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.","releases":{"buster":{"fixed_version":"1:2.2.34-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3+deb9u2","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u4","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.2.34-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11499":{"debianbug":928235,"scope":"remote","description":"In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.","releases":{"buster":{"fixed_version":"1:2.3.4.1-5","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.3.4.1-5","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15130":{"debianbug":891820,"scope":"remote","description":"A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.","releases":{"buster":{"fixed_version":"1:2.2.34-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3+deb9u2","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u4","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.2.34-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8652":{"debianbug":846605,"scope":"remote","description":"The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.","releases":{"buster":{"fixed_version":"1:2.2.27-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.2.27-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2414":{"scope":"remote","description":"Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via \"..\" sequences in the (1) LIST or (2) DELETE IMAP command.","releases":{"buster":{"fixed_version":"1.0.beta8-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.beta8-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.beta8-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.beta8-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-0730":{"debianbug":353341,"scope":"remote","description":"Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) \"potential hangs\" in the APPEND command and \"potential crashes\" in (2) dovecot-auth and (3) imap/pop3-login.  NOTE: vector 2 might be related to a double free vulnerability.","releases":{"buster":{"fixed_version":"1.0.beta3-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.beta3-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.beta3-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.beta3-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-2632":{"debianbug":546656,"scope":"local","description":"Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.","releases":{"buster":{"fixed_version":"1:1.2.1-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.1-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.1-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.1-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-2111":{"scope":"remote","description":"The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4011":{"scope":"remote","description":"Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a \"memory aliasing issue.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3780":{"debianbug":599521,"scope":"remote","description":"Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.","releases":{"buster":{"fixed_version":"1:1.2.15-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.15-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.15-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.2.15-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3706":{"scope":"remote","description":"plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.","releases":{"buster":{"fixed_version":"1:1.2.15-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.15-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.15-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.2.15-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0535":{"scope":"remote","description":"Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3304":{"scope":"remote","description":"The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.","releases":{"buster":{"fixed_version":"1.2.13-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.13-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.13-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.13-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3420":{"debianbug":783649,"scope":"remote","description":"The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.","releases":{"buster":{"fixed_version":"1:2.2.13-12","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.13-12","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.2.13-12","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10691":{"scope":"remote","description":"The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.","releases":{"buster":{"fixed_version":"1:2.3.4.1-4","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.3.4.1-4","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3707":{"scope":"remote","description":"plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.","releases":{"buster":{"fixed_version":"1:1.2.15-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.15-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.15-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.2.15-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2166":{"scope":"remote","description":"script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.","releases":{"buster":{"fixed_version":"1:2.0.13-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.0.13-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.0.13-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.0.13-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4983":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1199":{"debianbug":469457,"scope":"local","description":"Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.","releases":{"buster":{"fixed_version":"1:1.0.12-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.0.12-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.0.12-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.0.12-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-2669":{"debianbug":860049,"scope":"remote","description":"Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.","releases":{"buster":{"fixed_version":"1:2.2.27-3","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.2.27-3","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2167":{"scope":"remote","description":"script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.","releases":{"buster":{"fixed_version":"1:2.0.13-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.0.13-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.0.13-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.0.13-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3235":{"debianbug":546656,"scope":"remote","description":"Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.","releases":{"buster":{"fixed_version":"1:1.2.1-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.1-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.1-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.1-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-4907":{"scope":"remote","description":"The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka \"invalid message address parsing bug.\"","releases":{"buster":{"fixed_version":"1:1.1.7-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.1.7-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.1.7-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.1.7-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5973":{"scope":"remote","description":"Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to \"yes,\" allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.","releases":{"buster":{"fixed_version":"1.0.rc15-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.rc15-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.rc15-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.rc15-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3897":{"debianbug":557601,"scope":"local","description":"Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.","releases":{"buster":{"fixed_version":"1:1.2.8-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:1.2.8-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:1.2.8-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:1.2.8-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1218":{"scope":"remote","description":"Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.","releases":{"buster":{"fixed_version":"1:1.0.13-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.0.13-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.0.13-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.0.13-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3430":{"debianbug":747549,"scope":"remote","description":"Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.","releases":{"buster":{"fixed_version":"1:2.2.13~rc1-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:2.2.13~rc1-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13~rc1-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:2.2.13~rc1-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-3814":{"scope":"remote","description":"It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.","releases":{"buster":{"fixed_version":"1:2.3.4.1-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.2.27-3+deb9u3","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.2.13-12~deb8u5","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.3.4.1-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1929":{"debianbug":627443,"scope":"remote","description":"lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.","releases":{"buster":{"fixed_version":"1:2.0.13-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.13-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.0.13-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.0.13-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4211":{"scope":"remote","description":"The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.","releases":{"buster":{"fixed_version":"1:1.0.3-2","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.0.3-2","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.0.3-2","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.0.3-2","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2231":{"scope":"remote","description":"Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.","releases":{"buster":{"fixed_version":"1.0.rc29-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.rc29-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.rc29-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.rc29-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0745":{"scope":"remote","description":"Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.","releases":{"buster":{"fixed_version":"1:1.2.11-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.2.11-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.2.11-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.2.11-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3779":{"debianbug":599521,"scope":"remote","description":"Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.","releases":{"buster":{"fixed_version":"1:1.2.15-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:1.2.15-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:1.2.15-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:1.2.15-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-6598":{"debianbug":458315,"scope":"remote","description":"Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.","releases":{"buster":{"fixed_version":"1:1.0.10-1","repositories":{"buster":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.0.10-1","repositories":{"stretch-security":"1:2.2.27-3+deb9u4","stretch":"1:2.2.27-3+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.0.10-1","repositories":{"jessie":"1:2.2.13-12~deb8u4","jessie-security":"1:2.2.13-12~deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.0.10-1","repositories":{"sid":"1:2.3.4.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2684":{"debianbug":633870,"scope":"local","description":"foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.","releases":{"buster":{"fixed_version":"20110722dfsg-1","repositories":{"buster":"20171202dfsg0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20110722dfsg-1","repositories":{"stretch":"20160902dfsg0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"20110722dfsg-1","repositories":{"jessie":"20140925dfsg0-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20110722dfsg-1","repositories":{"sid":"20171202dfsg0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7569":{"debianbug":839282,"scope":"remote","description":"Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.","releases":{"buster":{"fixed_version":"0.14.0+dfsg-1","repositories":{"buster":"0.17.2+dfsg-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.14.0+dfsg-1","repositories":{"sid":"0.17.2+dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8579":{"debianbug":840711,"scope":"local","description":"docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.","releases":{"buster":{"fixed_version":"0.12.3+dfsg-2","repositories":{"buster":"0.17.2+dfsg-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.12.3+dfsg-2","repositories":{"sid":"0.17.2+dfsg-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-0226":{"debianbug":777741,"scope":"remote","description":"Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.","releases":{"buster":{"fixed_version":"1.6.15-2","repositories":{"buster":"1.6.19-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.15-2","repositories":{"stretch":"1.6.15-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.15-2","repositories":{"jessie":"1.6.15-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.15-2","repositories":{"sid":"1.6.19-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0227":{"debianbug":777741,"scope":"remote","description":"Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","releases":{"buster":{"fixed_version":"1.6.15-2","repositories":{"buster":"1.6.19-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.15-2","repositories":{"stretch":"1.6.15-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.15-2","repositories":{"jessie":"1.6.15-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.15-2","repositories":{"sid":"1.6.19-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2977":{"scope":"remote","description":"Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.7.7-9"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.10.0-8+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.10.0-5.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.7.7-9"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2978":{"scope":"remote","description":"The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.7.7-9"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.10.0-8+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.10.0-5.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.7.7-9"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-94515F":{"releases":{"buster":{"fixed_version":"2.0.4-2","repositories":{"buster":"2.4.14-7"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.4-2","repositories":{"stretch":"2.4.13-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.4-2","repositories":{"jessie":"2.4.11-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.4-2","repositories":{"sid":"2.4.14-7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-14610":{"debianbug":877334,"scope":"local","description":"bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"16.2.6-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"16.2.4-3+deb9u2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"14.2.1+20141017gitc6c5b56-3+deb8u3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"17.2.7-2"},"urgency":"medium**","status":"open"}}}}
{"TEMP-0706099-FAF305":{"debianbug":706099,"releases":{"buster":{"fixed_version":"2.6+debian.3-1","repositories":{"buster":"2.6+debian.4-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.6+debian.3-1","repositories":{"stretch":"2.6+debian.4-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.6+debian.3-1","repositories":{"jessie":"2.6+debian.4-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.6+debian.3-1","repositories":{"sid":"2.6+debian.4-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-8971":{"debianbug":843434,"scope":"local","description":"Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.","releases":{"buster":{"fixed_version":"0.7.0-2","repositories":{"buster":"1.3.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.0-1+deb8u1","repositories":{"jessie":"0.7.0-1+deb8u1","jessie-security":"0.7.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.0-2","repositories":{"sid":"1.3.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20167":{"debianbug":916630,"scope":"remote","description":"Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe \"cat README.md\" command when \\e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1.3.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.0-1+deb8u1","jessie-security":"0.7.0-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1.3.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16026":{"debianbug":901708,"scope":"remote","description":"Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.","releases":{"buster":{"fixed_version":"2.88.1-1","repositories":{"buster":"2.88.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Nodejs in stretch not covered by security support","repositories":{"stretch":"2.26.1-1"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Nodejs in jessie not covered by security support","repositories":{"jessie":"2.26.1-1"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.88.1-1","repositories":{"sid":"2.88.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6301":{"debianbug":401795,"scope":"remote","description":"DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.","releases":{"sid":{"fixed_version":"2.6-1","repositories":{"sid":"2.10-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-5715":{"scope":"remote","description":"DenyHosts 2.6 processes OpenSSH sshd \"not listed in AllowUsers\" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.","releases":{"sid":{"fixed_version":"2.6-2","repositories":{"sid":"2.10-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6890":{"scope":"remote","description":"denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.","releases":{"sid":{"fixed_version":"2.6-10.1","repositories":{"sid":"2.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4323":{"debianbug":438162,"scope":"remote","description":"DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.","releases":{"sid":{"fixed_version":"2.6-2.1","repositories":{"sid":"2.10-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2002-1653":{"scope":"remote","description":"Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.","releases":{"buster":{"fixed_version":"20031202-2","repositories":{"buster":"20031202-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"20031202-2","repositories":{"stretch":"20031202-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20031202-2","repositories":{"jessie":"20031202-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"20031202-2","repositories":{"sid":"20031202-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16907":{"debianbug":909739,"scope":"remote","description":"In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.","releases":{"buster":{"fixed_version":"2.31.3+debian0-1","repositories":{"buster":"2.31.6+debian0-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.27.6+debian1-2"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.15.0+debian0-1+deb8u2","repositories":{"jessie":"2.15.0+debian0-1+deb8u1","jessie-security":"2.15.0+debian0-1+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.31.3+debian0-1","repositories":{"sid":"2.31.6+debian0-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8807":{"debianbug":813590,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields.","releases":{"buster":{"fixed_version":"2.22.4+debian0-1","repositories":{"buster":"2.31.6+debian0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.22.4+debian0-1","repositories":{"stretch":"2.27.6+debian1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.15.0+debian0-1+deb8u1","repositories":{"jessie":"2.15.0+debian0-1+deb8u1","jessie-security":"2.15.0+debian0-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.22.4+debian0-1","repositories":{"sid":"2.31.6+debian0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4770":{"debianbug":513531,"scope":"remote","description":"The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to \"encoding type.\"","releases":{"buster":{"fixed_version":"4.1.1+X4.3.0-31","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.1.1+X4.3.0-31","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.1.1+X4.3.0-31","repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.1.1+X4.3.0-31","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6886":{"scope":"local","description":"RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0011":{"releases":{"buster":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"4.1.1+X4.3.0+t-1","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-2369":{"scope":"remote","description":"RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as \"Type 1 - None\", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.","releases":{"buster":{"fixed_version":"4.1.1+X4.3.0-10","repositories":{"buster":"4.1.1+X4.3.0+t-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"4.1.1+X4.3.0-10","repositories":{"stretch":"4.1.1+X4.3.0+t-1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"4.1.1+X4.3.0-10","repositories":{"jessie":"4.1.1+X4.3.0-37.6"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"4.1.1+X4.3.0-10","repositories":{"sid":"4.1.1+X4.3.0+t-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2014-5255":{"debianbug":756600,"releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.0.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.0.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"4.3.8-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.0.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-5254":{"debianbug":756600,"releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.0.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.0.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"4.3.8-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.0.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1235":{"debianbug":819952,"scope":"remote","description":"The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.","releases":{"buster":{"fixed_version":"2.5.7-1","repositories":{"buster":"2.5.8-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.7-1","repositories":{"stretch":"2.5.7-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.4-2+deb8u1","repositories":{"jessie":"2.5.4-2+deb8u1","jessie-security":"2.5.4-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.7-1","repositories":{"sid":"2.5.8-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0832283-698CF7":{"debianbug":832283,"releases":{"buster":{"fixed_version":"2.6.7-1","repositories":{"buster":"2.10.11-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.6.7-1","repositories":{"stretch":"2.8.5-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.15-2"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6.7-1","repositories":{"sid":"2.10.11-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-CFFE57":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.11-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.15-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.11-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4335":{"debianbug":606386,"scope":"remote","description":"The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.","releases":{"buster":{"fixed_version":"1.3.2-1.1","repositories":{"buster":"2.10.11-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1.1","repositories":{"stretch":"2.8.5-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1.1","repositories":{"jessie":"1.3.15-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.2-1.1","repositories":{"sid":"2.10.11-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4399":{"scope":"remote","description":"The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.11-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.15-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.11-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4067":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (\"Not Found\") error page.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.1.13.4450-1","repositories":{"buster":"2.10.11-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.13.4450-1","repositories":{"stretch":"2.8.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.13.4450-1","repositories":{"jessie":"1.3.15-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.13.4450-1","repositories":{"sid":"2.10.11-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5031":{"scope":"remote","description":"Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename.","releases":{"buster":{"fixed_version":"1.1.13.4450-1","repositories":{"buster":"2.10.11-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.13.4450-1","repositories":{"stretch":"2.8.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.13.4450-1","repositories":{"jessie":"1.3.15-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.13.4450-1","repositories":{"sid":"2.10.11-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11458":{"scope":"remote","description":"An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.10.11-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.15-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.10.11-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4793":{"scope":"remote","description":"The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.","releases":{"buster":{"fixed_version":"2.8.3-1","repositories":{"buster":"2.10.11-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.3-1","repositories":{"stretch":"2.8.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.15-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.3-1","repositories":{"sid":"2.10.11-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8379":{"debianbug":832316,"scope":"remote","description":"CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.","releases":{"buster":{"fixed_version":"2.8.0-1","repositories":{"buster":"2.10.11-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.0-1","repositories":{"stretch":"2.8.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.15-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.8.0-1","repositories":{"sid":"2.10.11-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10908":{"scope":"remote","description":"H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.","releases":{"buster":{"fixed_version":"2.2.4+dfsg-1","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.4+dfsg-1","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-10872":{"scope":"remote","description":"H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.4+dfsg-1","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.4+dfsg-1","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-7835":{"scope":"remote","description":"Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4864":{"scope":"remote","description":"H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5638":{"scope":"remote","description":"Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-0608":{"scope":"remote","description":"Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.5+dfsg1-1","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.5+dfsg1-1","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10868":{"scope":"remote","description":"H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.","releases":{"buster":{"fixed_version":"2.2.3+dfsg-1","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.3+dfsg-1","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-10869":{"scope":"remote","description":"Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.","releases":{"buster":{"fixed_version":"2.2.3+dfsg-1","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.3+dfsg-1","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-4817":{"scope":"remote","description":"lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1133":{"scope":"remote","description":"CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O before 1.6.2 and 1.7.x before 1.7.0-beta3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.5+dfsg2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4357":{"debianbug":649322,"scope":"remote","description":"Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.","releases":{"buster":{"fixed_version":"0.10.5-1.3","repositories":{"buster":"0.10.5-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.10.5-1.3","repositories":{"stretch":"0.10.5-1.6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.10.5-1.3","repositories":{"jessie":"0.10.5-1.4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.10.5-1.3","repositories":{"sid":"0.10.5-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14332":{"scope":"local","description":"An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.","releases":{"buster":{"repositories":{"buster":"1.3.1+git609-g623a53681+dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.3.1+git276-g3485bbe43+dfsg-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.2.3+dfsg-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.3.1+git609-g623a53681+dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-8399":{"scope":"local","description":"The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.","releases":{"stretch":{"fixed_version":"8-4","repositories":{"stretch":"10-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"8-4","repositories":{"jessie":"9-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-7226":{"debianbug":898453,"scope":"remote","description":"An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.10-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.10-2"},"urgency":"low","status":"open"}}}}
{"CVE-2007-3209":{"debianbug":428157,"scope":"remote","description":"Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.","releases":{"stretch":{"fixed_version":"4.0.dfsg.1-2","repositories":{"stretch":"5.4.dfsg.1-14"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.0.dfsg.1-2","repositories":{"jessie":"5.4.dfsg.1-13"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3599":{"debianbug":644189,"scope":"remote","description":"The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.","releases":{"buster":{"fixed_version":"1.17-3","repositories":{"buster":"1.17-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.17-3","repositories":{"stretch":"1.17-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.17-3","repositories":{"jessie":"1.17-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.17-3","repositories":{"sid":"1.17-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14941":{"debianbug":880467,"scope":"remote","description":"Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"nodsa":"no detailed information available, only needed as build-dependency for Spring","repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"undetermined"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-5533":{"debianbug":884131,"scope":"remote","description":"A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"nodsa":"no detailed information available, only needed as build-dependency for Spring","repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"undetermined"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-5431":{"scope":"remote","description":"The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"low**","status":"undetermined"},"jessie":{"repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"end-of-life","status":"open"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"low**","status":"undetermined"}}}}
{"CVE-2018-5430":{"scope":"remote","description":"The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"end-of-life","status":"open"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-5532":{"debianbug":884131,"scope":"remote","description":"A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"low**","status":"undetermined"},"jessie":{"nodsa":"no detailed information available, only needed as build-dependency for Spring","repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"low**","nodsa_reason":"ignored","status":"undetermined"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"low**","status":"undetermined"}}}}
{"CVE-2018-5429":{"scope":"remote","description":"A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"end-of-life","status":"open"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-5528":{"debianbug":880467,"scope":"remote","description":"Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.  The impact of this vulnerability includes the theoretical disclosure of sensitive information.  Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"nodsa":"no detailed information available, only needed as build-dependency for Spring","repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"undetermined"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-5529":{"debianbug":880467,"scope":"remote","description":"JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).","releases":{"stretch":{"repositories":{"stretch":"6.2.2-3"},"urgency":"medium**","status":"undetermined"},"jessie":{"nodsa":"no detailed information available, only needed as build-dependency for Spring","repositories":{"jessie":"4.1.3+dfsg-3"},"urgency":"medium**","nodsa_reason":"ignored","status":"undetermined"},"sid":{"repositories":{"sid":"6.3.1-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2015-7700":{"debianbug":874109,"scope":"remote","description":"Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.","releases":{"buster":{"fixed_version":"1.8.13-0.1","repositories":{"buster":"1.8.13-0.1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.7.85-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.7.65-0.1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.8.13-0.1","repositories":{"sid":"1.8.13-0.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2158":{"scope":"remote","description":"Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.8.13-0.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.7.85-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.65-0.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.8.13-0.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11575":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4259":{"debianbug":605537,"scope":"remote","description":"Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.","releases":{"buster":{"fixed_version":"0.0.20100501-4","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.0.20100501-4","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.0.20100501-4","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.0.20100501-4","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11574":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11577":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11576":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11571":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11570":{"debianbug":873587,"scope":"remote","description":"FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-11573":{"debianbug":873588,"scope":"remote","description":"FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-11572":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17521":{"scope":"remote","description":"uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.","releases":{"buster":{"repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-11568":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11569":{"debianbug":869614,"scope":"remote","description":"FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.","releases":{"buster":{"fixed_version":"1:20170731~dfsg-1","repositories":{"buster":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:20161005~dfsg-4+deb9u1","repositories":{"stretch-security":"1:20161005~dfsg-4+deb9u1","stretch":"1:20161005~dfsg-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"20120731.b-5+deb8u1","repositories":{"jessie":"20120731.b-5+deb8u1","jessie-security":"20120731.b-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:20170731~dfsg-1","repositories":{"sid":"1:20170731~dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5864":{"debianbug":398292,"scope":"remote","description":"Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers.  NOTE: this issue can be exploited through other products that use gv such as evince.","releases":{"buster":{"fixed_version":"1:3.6.2-3","repositories":{"buster":"1:3.7.4-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:3.6.2-3","repositories":{"stretch":"1:3.7.4-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:3.6.2-3","repositories":{"jessie":"1:3.7.4-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:3.6.2-3","repositories":{"sid":"1:3.7.4-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2056":{"scope":"local","description":"GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"1:3.7.1-1","repositories":{"buster":"1:3.7.4-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.7.1-1","repositories":{"stretch":"1:3.7.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.7.1-1","repositories":{"jessie":"1:3.7.4-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.7.1-1","repositories":{"sid":"1:3.7.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1569":{"scope":"remote","description":"gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.","releases":{"buster":{"fixed_version":"1:3.5.8-27","repositories":{"buster":"1:3.7.4-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.5.8-27","repositories":{"stretch":"1:3.7.4-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.5.8-27","repositories":{"jessie":"1:3.7.4-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.5.8-27","repositories":{"sid":"1:3.7.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-0838":{"scope":"local","description":"Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.","releases":{"buster":{"fixed_version":"1:3.5.8-27","repositories":{"buster":"1:3.7.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.5.8-27","repositories":{"stretch":"1:3.7.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:3.5.8-27","repositories":{"jessie":"1:3.7.4-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.5.8-27","repositories":{"sid":"1:3.7.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1717":{"scope":"remote","description":"Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.","releases":{"buster":{"fixed_version":"1:3.6.1-1","repositories":{"buster":"1:3.7.4-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.6.1-1","repositories":{"stretch":"1:3.7.4-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.6.1-1","repositories":{"jessie":"1:3.7.4-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.6.1-1","repositories":{"sid":"1:3.7.4-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-56C871":{"releases":{"stretch":{"fixed_version":"0.9.3-3","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.3-3","repositories":{"sid":"4.0.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-18026":{"debianbug":887307,"scope":"remote","description":"Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15573":{"scope":"remote","description":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15572":{"scope":"remote","description":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15571":{"debianbug":882548,"scope":"remote","description":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15570":{"debianbug":882547,"scope":"remote","description":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1985":{"debianbug":743828,"scope":"remote","description":"Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).","releases":{"stretch":{"fixed_version":"2.5.1-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15569":{"debianbug":882545,"scope":"remote","description":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15568":{"debianbug":882544,"scope":"remote","description":"In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4459":{"debianbug":563940,"scope":"remote","description":"Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.","releases":{"stretch":{"fixed_version":"0.9.1-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.1-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0327":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"stretch":{"fixed_version":"1.3.2+dfsg1-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.2+dfsg1-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4079":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.","releases":{"stretch":{"fixed_version":"0.9.0~svn2902-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.0~svn2902-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4078":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"stretch":{"fixed_version":"0.9.0~svn2902-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.0~svn2902-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4929":{"debianbug":608397,"scope":"remote","description":"Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.","releases":{"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"4.0.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8346":{"debianbug":806376,"scope":"remote","description":"app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.","releases":{"stretch":{"fixed_version":"3.2.0-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8537":{"debianbug":807826,"scope":"remote","description":"app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed.","releases":{"stretch":{"fixed_version":"3.2.0-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2054":{"scope":"remote","description":"Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a \"mass assignment\" vulnerability, a different vulnerability than CVE-2012-0327.","releases":{"stretch":{"fixed_version":"1.3.2+dfsg1-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.2+dfsg1-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4927":{"debianbug":608397,"scope":"remote","description":"Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.","releases":{"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4928":{"debianbug":608397,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10515":{"scope":"remote","description":"In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.","releases":{"stretch":{"fixed_version":"3.2.3-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.3-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-838979":{"releases":{"stretch":{"fixed_version":"0.9.3-3","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.3-3","repositories":{"sid":"4.0.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-16804":{"scope":"remote","description":"In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15577":{"scope":"remote","description":"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15576":{"scope":"remote","description":"Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15575":{"scope":"remote","description":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15574":{"scope":"remote","description":"In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.","releases":{"stretch":{"fixed_version":"3.3.1-4+deb9u1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.2-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8474":{"debianbug":807272,"scope":"remote","description":"Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by \"@attacker.com,\" a different vulnerability than CVE-2014-1985.","releases":{"stretch":{"fixed_version":"3.2.0-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8473":{"debianbug":807345,"scope":"remote","description":"The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects.","releases":{"stretch":{"fixed_version":"3.2.0-1","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.0-1","repositories":{"sid":"4.0.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8477":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.","releases":{"stretch":{"fixed_version":"3.0~20140825-5","repositories":{"stretch-security":"3.3.1-4+deb9u2","stretch":"3.3.1-4+deb9u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0~20140825-5","repositories":{"sid":"4.0.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2450":{"debianbug":571631,"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3474":{"scope":"remote","description":"OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.","releases":{"buster":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3475":{"scope":"remote","description":"Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3476":{"scope":"remote","description":"Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.","releases":{"buster":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3300":{"debianbug":555608,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.","releases":{"buster":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"buster":"3.0.4+dfsg1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0.2+dfsg1-2","repositories":{"sid":"3.0.4+dfsg1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2155":{"debianbug":583290,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882.","releases":{"stretch":{"fixed_version":"2.1.1-1","repositories":{"stretch":"3.0.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.1-1","repositories":{"jessie":"3.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4882":{"debianbug":583290,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.","releases":{"stretch":{"fixed_version":"2.1.1-1","repositories":{"stretch":"3.0.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.1-1","repositories":{"jessie":"3.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0373":{"scope":"remote","description":"Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"2.1.19.dfsg1-0sarge2","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.19.dfsg1-0sarge2","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.19.dfsg1-0sarge2","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1.19.dfsg1-0sarge2","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0465561-A017B1":{"debianbug":465561,"releases":{"buster":{"fixed_version":"2.1.22.dfsg1-18","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.1.22.dfsg1-18","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.1.22.dfsg1-18","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.1.22.dfsg1-18","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2004-0884":{"debianbug":275431,"scope":"local","description":"The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.","releases":{"buster":{"fixed_version":"2.1.19-1.3","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.19-1.3","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.19-1.3","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1.19-1.3","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4122":{"debianbug":716835,"scope":"remote","description":"Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"2.1.26.dfsg1-14","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.26.dfsg1-14","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.26.dfsg1-13+deb8u1","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.26.dfsg1-14","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0688":{"debianbug":528749,"scope":"remote","description":"Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.","releases":{"buster":{"fixed_version":"2.1.23.dfsg1-1","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.23.dfsg1-1","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.23.dfsg1-1","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1.23.dfsg1-1","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1347":{"scope":"remote","description":"Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.","releases":{"buster":{"fixed_version":"2.1.10-1","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1.10-1","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1.10-1","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1.10-1","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1721":{"debianbug":361937,"scope":"remote","description":"digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.","releases":{"buster":{"fixed_version":"2.1.19.dfsg1-0.2","repositories":{"buster":"2.1.27+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.19.dfsg1-0.2","repositories":{"stretch":"2.1.27~101-g0780600+dfsg-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1.19.dfsg1-0.2","repositories":{"jessie":"2.1.26.dfsg1-13+deb8u1","jessie-security":"2.1.26.dfsg1-13+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1.19.dfsg1-0.2","repositories":{"sid":"2.1.27+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-17497":{"scope":"remote","description":"In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the \"children of the head\" processing feature is modified in the loop without validating the new value.","releases":{"buster":{"fixed_version":"2:5.6.0-3","repositories":{"buster":"2:5.6.0-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:5.2.0-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:5.6.0-3","repositories":{"sid":"2:5.6.0-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13692":{"scope":"remote","description":"In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:5.6.0-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:5.2.0-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:5.6.0-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2172":{"debianbug":720375,"scope":"remote","description":"jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\"","releases":{"buster":{"fixed_version":"1.5.5-2","repositories":{"buster":"2.0.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.5-2","repositories":{"stretch":"1.5.8-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.5-2","repositories":{"jessie":"1.5.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.5-2","repositories":{"sid":"2.0.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8152":{"scope":"remote","description":"Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.10-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.8-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.10-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4517":{"debianbug":733938,"scope":"remote","description":"Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.","releases":{"buster":{"fixed_version":"1.5.6-1","repositories":{"buster":"2.0.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.6-1","repositories":{"stretch":"1.5.8-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.6-1","repositories":{"jessie":"1.5.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.6-1","repositories":{"sid":"2.0.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3231":{"debianbug":429174,"scope":"remote","description":"Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"0.95-1.1","repositories":{"buster":"0.996-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.95-1.1","repositories":{"stretch":"0.996-3.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.95-1.1","repositories":{"jessie":"0.996-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.95-1.1","repositories":{"sid":"0.996-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3191":{"scope":"remote","description":"Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.","releases":{"jessie":{"fixed_version":"0.8.3dfsg.1-4","repositories":{"jessie":"0.9.3-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3190":{"scope":"remote","description":"Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.","releases":{"jessie":{"fixed_version":"0.8.3dfsg.1-4","repositories":{"jessie":"0.9.3-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3192":{"scope":"remote","description":"admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.","releases":{"jessie":{"fixed_version":"0.8.3dfsg.1-4","repositories":{"jessie":"0.9.3-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-3189":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.","releases":{"jessie":{"fixed_version":"0.8.3dfsg.1-4","repositories":{"jessie":"0.9.3-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4100":{"debianbug":492698,"scope":"remote","description":"GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.  NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.","releases":{"buster":{"fixed_version":"1.4-2","repositories":{"buster":"1.5.0~rc1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.4-2","repositories":{"stretch":"1.5.0~rc1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4-2","repositories":{"jessie":"1.5.0~rc1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4-2","repositories":{"sid":"1.5.0~rc1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1447":{"debianbug":490123,"scope":"remote","description":"The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"","releases":{"buster":{"fixed_version":"1.4-2","repositories":{"buster":"1.5.0~rc1-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.4-2","repositories":{"stretch":"1.5.0~rc1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4-2","repositories":{"jessie":"1.5.0~rc1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4-2","repositories":{"sid":"1.5.0~rc1-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3363":{"debianbug":598295,"scope":"local","description":"roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"0.3-2","repositories":{"buster":"1.0~beta12-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3-2","repositories":{"stretch":"1.0~beta11-9"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.3-2","repositories":{"jessie":"1.0~beta11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.3-2","repositories":{"sid":"1.0~beta12-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1164":{"debianbug":663644,"scope":"remote","description":"slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.","releases":{"buster":{"fixed_version":"2.4.31-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.31-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.31-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.31-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-3276":{"scope":"remote","description":"The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.","releases":{"buster":{"repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-17740":{"scope":"remote","description":"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.","releases":{"buster":{"repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0253838-2AD268":{"debianbug":253838,"releases":{"buster":{"fixed_version":"2.4.13","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.13","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.13","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.13","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2668":{"scope":"remote","description":"libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6908":{"debianbug":798622,"scope":"remote","description":"The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.","releases":{"buster":{"fixed_version":"2.4.42+dfsg-2","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.42+dfsg-2","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.40+dfsg-1+deb8u1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.42+dfsg-2","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3767":{"debianbug":553432,"scope":"remote","description":"libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"2.4.17-2.1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.17-2.1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.17-2.1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.17-2.1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9713":{"debianbug":761406,"scope":"remote","description":"The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.","releases":{"buster":{"fixed_version":"2.4.40-2","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.40-2","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.40-2","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.40-2","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1025":{"debianbug":617606,"scope":"remote","description":"bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.25-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1024":{"debianbug":617606,"scope":"remote","description":"chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.25-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4079":{"debianbug":647610,"scope":"remote","description":"Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.","releases":{"buster":{"fixed_version":"2.4.28-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.4.28-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.4.28-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.4.28-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0211":{"scope":"remote","description":"The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.","releases":{"buster":{"fixed_version":"2.4.23-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.23-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.23-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.23-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4449":{"debianbug":729367,"scope":"remote","description":"The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.","releases":{"buster":{"fixed_version":"2.4.39-1.1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.39-1.1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.39-1.1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.39-1.1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-14159":{"scope":"local","description":"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.","releases":{"buster":{"repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-4984":{"scope":"local","description":"/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2952":{"debianbug":488710,"scope":"remote","description":"liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.","releases":{"buster":{"fixed_version":"2.4.10-3","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.10-3","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.10-3","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.10-3","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1081":{"debianbug":617606,"scope":"remote","description":"modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.","releases":{"buster":{"fixed_version":"2.4.25-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.25-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.25-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.4.25-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1546":{"debianbug":776991,"scope":"remote","description":"Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.","releases":{"buster":{"fixed_version":"2.4.40-4","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.40-4","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.40-4","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.40-4","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8182":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9287":{"debianbug":863563,"scope":"remote","description":"servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.","releases":{"buster":{"fixed_version":"2.4.44+dfsg-5","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.44+dfsg-5","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.40+dfsg-1+deb8u3","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.44+dfsg-5","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1545":{"debianbug":776988,"scope":"remote","description":"The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.","releases":{"buster":{"fixed_version":"2.4.40-4","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.40-4","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.40-4","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.40-4","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0212":{"scope":"remote","description":"OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.","releases":{"buster":{"fixed_version":"2.4.23-1","repositories":{"buster":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.23-1","repositories":{"stretch":"2.4.44+dfsg-5+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.23-1","repositories":{"jessie":"2.4.40+dfsg-1+deb8u4","jessie-security":"2.4.40+dfsg-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.23-1","repositories":{"sid":"2.4.47+dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4339":{"debianbug":651917,"scope":"local","description":"ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.","releases":{"buster":{"fixed_version":"1.8.11-5","repositories":{"buster":"1.8.18-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.11-5","repositories":{"stretch":"1.8.18-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8.11-5","repositories":{"jessie":"1.8.14-4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.11-5","repositories":{"sid":"1.8.18-6"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0000000-2A36A7":{"releases":{"buster":{"fixed_version":"0.8.7-1","repositories":{"buster":"0.9.0~rc3-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.8.7-1","repositories":{"stretch":"0.8.9-1.1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.8.7-1","repositories":{"jessie":"0.8.9-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.8.7-1","repositories":{"sid":"0.9.0~rc3-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-4550":{"scope":"remote","description":"Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.","releases":{"buster":{"fixed_version":"0.8.9-1","repositories":{"buster":"0.9.0~rc3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.9-1","repositories":{"stretch":"0.8.9-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.9-1","repositories":{"jessie":"0.8.9-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.9-1","repositories":{"sid":"0.9.0~rc3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3071":{"debianbug":595409,"scope":"remote","description":"bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.","releases":{"buster":{"fixed_version":"0.8.6-1","repositories":{"buster":"0.9.0~rc3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.6-1","repositories":{"stretch":"0.8.9-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.6-1","repositories":{"jessie":"0.8.9-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.6-1","repositories":{"sid":"0.9.0~rc3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-5268":{"scope":"remote","description":"connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550.  NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.","releases":{"buster":{"fixed_version":"0.8.9-1","repositories":{"buster":"0.9.0~rc3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.9-1","repositories":{"stretch":"0.8.9-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.9-1","repositories":{"jessie":"0.8.9-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.9-1","repositories":{"sid":"0.9.0~rc3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0806":{"debianbug":657217,"scope":"remote","description":"Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.","releases":{"buster":{"fixed_version":"0.8.8-2","repositories":{"buster":"0.9.0~rc3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.8-2","repositories":{"stretch":"0.8.9-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.8-2","repositories":{"jessie":"0.8.9-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.8-2","repositories":{"sid":"0.9.0~rc3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4939":{"debianbug":496395,"scope":"local","description":"apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.","releases":{"buster":{"fixed_version":"3.0.7+1-1.1","repositories":{"buster":"3.5.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.7+1-1.1","repositories":{"stretch":"3.4.0~r61013-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0.7+1-1.1","repositories":{"jessie":"3.1.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0.7+1-1.1","repositories":{"sid":"3.5.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9590":{"debianbug":851293,"scope":"remote","description":"puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.","releases":{"buster":{"fixed_version":"9.4.4-1","repositories":{"buster":"13.1.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.4.4-1","repositories":{"stretch":"9.4.4-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.4.4-1","repositories":{"sid":"13.1.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-3C6C99":{"releases":{"buster":{"fixed_version":"0.15-1","repositories":{"buster":"1.1-3.2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.15-1","repositories":{"stretch":"1.1-3.2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.15-1","repositories":{"jessie":"1.1-3.2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.15-1","repositories":{"sid":"1.1-3.2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-2911":{"scope":"remote","description":"Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2915":{"scope":"remote","description":"Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2914":{"scope":"remote","description":"Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4233":{"debianbug":719462,"scope":"remote","description":"Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:0.8.8.4-4","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-4","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-4","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-4","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2913":{"scope":"remote","description":"Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4234":{"debianbug":719462,"scope":"remote","description":"Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.","releases":{"buster":{"fixed_version":"1:0.8.8.4-4","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-4","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-4","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-4","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2912":{"scope":"remote","description":"Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1438":{"debianbug":526657,"scope":"remote","description":"Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.","releases":{"buster":{"fixed_version":"1:0.8.7-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.8.7-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.8.7-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.8.7-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1513":{"debianbug":526084,"scope":"remote","description":"Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.","releases":{"buster":{"fixed_version":"1:0.8.7-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:0.8.7-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:0.8.7-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:0.8.7-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-4192":{"debianbug":383574,"scope":"remote","description":"Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.","releases":{"buster":{"fixed_version":"1:0.7-5.2","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1:0.7-5.2","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1:0.7-5.2","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1:0.7-5.2","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-1761":{"debianbug":625966,"scope":"remote","description":"Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1:0.8.8.4-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.4-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.4-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.4-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1574":{"debianbug":622091,"scope":"remote","description":"Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.","releases":{"buster":{"fixed_version":"1:0.8.8.2-1","repositories":{"buster":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.8.8.2-1","repositories":{"stretch":"1:0.8.8.5-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.8.8.2-1","repositories":{"jessie":"1:0.8.8.4-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.8.8.2-1","repositories":{"sid":"1:0.8.9.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4490":{"debianbug":840358,"scope":"remote","description":"Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4489":{"debianbug":840358,"scope":"remote","description":"Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2226":{"debianbug":840358,"scope":"remote","description":"Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4488":{"debianbug":840358,"scope":"remote","description":"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4487":{"debianbug":840358,"scope":"remote","description":"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4493":{"debianbug":840358,"scope":"remote","description":"The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1545":{"debianbug":308587,"scope":"remote","description":"Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.8.0-3","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.0-3","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.0-3","repositories":{"jessie":"2.0.22-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.0-3","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4492":{"debianbug":840358,"scope":"remote","description":"Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.","releases":{"buster":{"fixed_version":"2.1.0+repack1-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1546":{"debianbug":308587,"scope":"remote","description":"Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.","releases":{"buster":{"fixed_version":"0.8.0-3","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.0-3","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.0-3","repositories":{"jessie":"2.0.22-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.0-3","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6131":{"debianbug":840889,"scope":"remote","description":"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.","releases":{"buster":{"fixed_version":"2.1.0+repack1-2","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0+repack1-2","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0+repack1-2","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0773308-EE1012":{"debianbug":773308,"releases":{"buster":{"fixed_version":"2.1.0-1","repositories":{"buster":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.0-1","repositories":{"stretch":"2.1.0+repack1-2"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.22-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.1.0-1","repositories":{"sid":"2.1.0+repack1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-1000231":{"debianbug":882015,"scope":"remote","description":"A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.","releases":{"buster":{"fixed_version":"1.7.0-4","repositories":{"buster":"1.7.0-4"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.7.0-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.6.17-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.7.0-4","repositories":{"sid":"1.7.0-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3209":{"debianbug":746758,"scope":"local","description":"The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.","releases":{"buster":{"fixed_version":"1.6.17-4","repositories":{"buster":"1.7.0-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.17-4","repositories":{"stretch":"1.7.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.17-4","repositories":{"jessie":"1.6.17-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.17-4","repositories":{"sid":"1.7.0-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3581":{"debianbug":647297,"scope":"remote","description":"Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.","releases":{"buster":{"fixed_version":"1.6.11-1","repositories":{"buster":"1.7.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.11-1","repositories":{"stretch":"1.7.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.11-1","repositories":{"jessie":"1.6.17-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.11-1","repositories":{"sid":"1.7.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1086":{"scope":"remote","description":"Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.","releases":{"buster":{"fixed_version":"1.5.1-1","repositories":{"buster":"1.7.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.1-1","repositories":{"stretch":"1.7.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.1-1","repositories":{"jessie":"1.6.17-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.1-1","repositories":{"sid":"1.7.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000232":{"debianbug":882014,"scope":"remote","description":"A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.","releases":{"buster":{"fixed_version":"1.7.0-4","repositories":{"buster":"1.7.0-4"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.7.0-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.6.17-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.7.0-4","repositories":{"sid":"1.7.0-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-5444":{"scope":"remote","description":"Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.","releases":{"buster":{"fixed_version":"0.6.3-1","repositories":{"buster":"0.12.4-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.3-1","repositories":{"stretch":"0.11.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.3-1","repositories":{"jessie":"0.8.2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.3-1","repositories":{"sid":"0.12.4-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4652":{"scope":"remote","description":"The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.","releases":{"buster":{"fixed_version":"15-0.1","repositories":{"buster":"25-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"15-0.1","repositories":{"stretch":"24-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"15-0.1","repositories":{"jessie":"22-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"15-0.1","repositories":{"sid":"25-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-6062":{"debianbug":451875,"scope":"remote","description":"irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.","releases":{"buster":{"fixed_version":"0.10.3-1","repositories":{"buster":"25-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.10.3-1","repositories":{"stretch":"24-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.10.3-1","repositories":{"jessie":"22-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.10.3-1","repositories":{"sid":"25-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5580":{"scope":"remote","description":"The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a \"notice auth\" message not being sent to a new client.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"25-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"24-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"22-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"25-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0285":{"debianbug":461067,"scope":"remote","description":"ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.","releases":{"buster":{"fixed_version":"0.10.3-2","repositories":{"buster":"25-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.10.3-2","repositories":{"stretch":"24-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.10.3-2","repositories":{"jessie":"22-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.10.3-2","repositories":{"sid":"25-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1747":{"scope":"remote","description":"channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"25-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"24-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"22-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"25-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10857":{"scope":"remote","description":"git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.","releases":{"buster":{"fixed_version":"6.20180626-1","repositories":{"buster":"7.20190129-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.20170101-1+deb9u2","repositories":{"stretch-security":"6.20170101-1+deb9u1","stretch":"6.20170101-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.20141125+oops-1+deb8u2","repositories":{"jessie":"5.20141125+deb8u1","jessie-security":"5.20141125+oops-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.20180626-1","repositories":{"sid":"7.20190129-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6274":{"releases":{"buster":{"fixed_version":"5.20140919","repositories":{"buster":"7.20190129-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.20140919","repositories":{"stretch-security":"6.20170101-1+deb9u1","stretch":"6.20170101-1+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"5.20140919","repositories":{"jessie":"5.20141125+deb8u1","jessie-security":"5.20141125+oops-1+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"5.20140919","repositories":{"sid":"7.20190129-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-10859":{"scope":"remote","description":"git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex","releases":{"buster":{"fixed_version":"6.20180626-1","repositories":{"buster":"7.20190129-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.20170101-1+deb9u2","repositories":{"stretch-security":"6.20170101-1+deb9u1","stretch":"6.20170101-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.20141125+oops-1+deb8u2","repositories":{"jessie":"5.20141125+deb8u1","jessie-security":"5.20141125+oops-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.20180626-1","repositories":{"sid":"7.20190129-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12976":{"debianbug":873088,"scope":"remote","description":"git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.","releases":{"buster":{"fixed_version":"6.20170818-1","repositories":{"buster":"7.20190129-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.20170101-1+deb9u1","repositories":{"stretch-security":"6.20170101-1+deb9u1","stretch":"6.20170101-1+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.20141125+oops-1+deb8u2","repositories":{"jessie":"5.20141125+deb8u1","jessie-security":"5.20141125+oops-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.20170818-1","repositories":{"sid":"7.20190129-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1799":{"debianbug":432007,"scope":"remote","description":"Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the \"..\" string, which allows remote attackers to overwrite arbitrary files via modified \"..\" sequences in a torrent filename, as demonstrated by \"../\" sequences, due to an incomplete fix for CVE-2007-1384.","releases":{"buster":{"fixed_version":"2.1.4.dfsg.1-1","repositories":{"buster":"5.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1.4.dfsg.1-1","repositories":{"stretch":"4.3.1-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.1.4.dfsg.1-1","repositories":{"jessie":"4.3.1-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1.4.dfsg.1-1","repositories":{"sid":"5.1.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1384":{"debianbug":414832,"scope":"remote","description":"Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via \"..\" sequences in a torrent filename.","releases":{"buster":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"buster":"5.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"stretch":"4.3.1-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"jessie":"4.3.1-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"sid":"5.1.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-5905":{"debianbug":504178,"scope":"remote","description":"The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.","releases":{"buster":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"buster":"5.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"stretch":"4.3.1-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"jessie":"4.3.1-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"sid":"5.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1385":{"debianbug":414832,"scope":"remote","description":"chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.","releases":{"buster":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"buster":"5.1.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"stretch":"4.3.1-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"jessie":"4.3.1-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.3+dfsg1-2.1","repositories":{"sid":"5.1.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-5906":{"debianbug":504178,"scope":"remote","description":"Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.","releases":{"buster":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"buster":"5.1.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"stretch":"4.3.1-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"jessie":"4.3.1-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.4+dfsg.1-1","repositories":{"sid":"5.1.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4768":{"scope":"remote","description":"Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4767":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4766":{"scope":"remote","description":"Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1659":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3524":{"debianbug":689070,"scope":"local","description":"libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable.  NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: \"we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus.\"","releases":{"buster":{"fixed_version":"2.33.12+really2.32.4-2","repositories":{"buster":"2.58.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.33.12+really2.32.4-2","repositories":{"stretch":"2.50.3-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.33.12+really2.32.4-2","repositories":{"jessie":"2.42.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.33.12+really2.32.4-2","repositories":{"sid":"2.58.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7225":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a \"malformed POSIX character class\", as demonstrated via an invalid character after a [[ sequence.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9633":{"scope":"remote","description":"gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-7226":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified \"subpattern containing a named recursion or subroutine reference,\" which allows context-dependent attackers to cause a denial of service (error or crash).","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16428":{"scope":"remote","description":"In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.","releases":{"buster":{"fixed_version":"2.58.0-1","repositories":{"buster":"2.58.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.50.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.42.1-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.58.0-1","repositories":{"sid":"2.58.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0039":{"debianbug":655044,"scope":"remote","description":"** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.  NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.","releases":{"buster":{"repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-16429":{"scope":"remote","description":"GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().","releases":{"buster":{"fixed_version":"2.58.0-1","repositories":{"buster":"2.58.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.50.3-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.42.1-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.58.0-1","repositories":{"sid":"2.58.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3289":{"scope":"local","description":"The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.","releases":{"buster":{"fixed_version":"2.22.0-1","repositories":{"buster":"2.58.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.22.0-1","repositories":{"stretch":"2.50.3-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.22.0-1","repositories":{"jessie":"2.42.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.22.0-1","repositories":{"sid":"2.58.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4316":{"debianbug":520046,"scope":"local","description":"Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.","releases":{"buster":{"fixed_version":"2.20.0-1","repositories":{"buster":"2.58.3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.20.0-1","repositories":{"stretch":"2.50.3-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.20.0-1","repositories":{"jessie":"2.42.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.20.0-1","repositories":{"sid":"2.58.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1662":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1660":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1661":{"scope":"remote","description":"Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the \"\\X?\\d\" and \"\\P{L}?\\d\" patterns.","releases":{"buster":{"fixed_version":"2.14.3-1","repositories":{"buster":"2.58.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.14.3-1","repositories":{"stretch":"2.50.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.14.3-1","repositories":{"jessie":"2.42.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.14.3-1","repositories":{"sid":"2.58.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3758":{"scope":"remote","description":"Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.","releases":{"buster":{"fixed_version":"6.0.1+r55-1","repositories":{"buster":"8.1.0+r23-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.0.1+r55-1","repositories":{"stretch":"7.0.0+r33-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.0.1+r55-1","repositories":{"sid":"8.1.0+r23-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0053":{"debianbug":359661,"scope":"remote","description":"Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"0.50-1","repositories":{"buster":"1.010+dfsg-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.50-1","repositories":{"stretch":"1.005+dfsg-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.50-1","repositories":{"jessie":"1.000+dfsg-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.50-1","repositories":{"sid":"1.010+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-2459":{"debianbug":421582,"scope":"remote","description":"Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.","releases":{"buster":{"fixed_version":"0.58-1","repositories":{"buster":"1.010+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.58-1","repositories":{"stretch":"1.005+dfsg-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.58-1","repositories":{"jessie":"1.000+dfsg-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.58-1","repositories":{"sid":"1.010+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-1928":{"scope":"remote","description":"Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.","releases":{"buster":{"fixed_version":"0.64-1","repositories":{"buster":"1.010+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.64-1","repositories":{"stretch":"1.005+dfsg-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.64-1","repositories":{"jessie":"1.000+dfsg-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.64-1","repositories":{"sid":"1.010+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3740":{"debianbug":893610,"scope":"remote","description":"A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.","releases":{"buster":{"fixed_version":"4.6.6-1","repositories":{"buster":"4.6.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.0-2+deb9u1","repositories":{"stretch-security":"2.1.0-2+deb9u1","stretch":"2.1.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1","repositories":{"jessie":"2.1.0-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.6.6-1","repositories":{"sid":"4.6.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17513":{"scope":"remote","description":"TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.","releases":{"buster":{"repositories":{"buster":"2018.04.04.20181118-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2016.05.17.20160523-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2014.05.21.20140528-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2018.04.04.20181118-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3207":{"debianbug":746626,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.6-14"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.6-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.5-1","repositories":{"jessie":"1.1.5-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.6-14"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-4046":{"debianbug":381098,"scope":"remote","description":"Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.","releases":{"buster":{"fixed_version":"0.1.10rc6-1","repositories":{"buster":"1:0.1.21-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.1.10rc6-1","repositories":{"jessie":"1:0.1.21-1.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.1.10rc6-1","repositories":{"sid":"1:0.1.21-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-14623":{"debianbug":876404,"scope":"remote","description":"In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.1-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.1-1+deb9u1","repositories":{"stretch":"2.4.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5662":{"debianbug":706547,"scope":"remote","description":"x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"3.3.14ga11-1","repositories":{"buster":"3.6ga4-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.14ga11-1","repositories":{"stretch":"3.3.14ga11-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.14ga11-1","repositories":{"jessie":"3.3.14ga11-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.3.14ga11-1","repositories":{"sid":"3.6ga4-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2099":{"debianbug":708530,"scope":"remote","description":"Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.","releases":{"buster":{"fixed_version":"8.5-1","repositories":{"buster":"9.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.5-1","repositories":{"stretch":"9.3-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.5-1","repositories":{"jessie":"9.3-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.5-1","repositories":{"sid":"9.4.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1395":{"scope":"local","description":"Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.","releases":{"buster":{"fixed_version":"1:141-20","repositories":{"buster":"1:153-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:141-20","repositories":{"stretch":"1:153-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:141-20","repositories":{"jessie":"1:151-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:141-20","repositories":{"sid":"1:153-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2006-1010":{"scope":"remote","description":"Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.","releases":{"buster":{"fixed_version":"1.9.0-1","repositories":{"buster":"1.71.0+dfsg1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.0-1","repositories":{"stretch":"1.71.0+dfsg1-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.0-1","repositories":{"jessie":"1.71.0+dfsg1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.0-1","repositories":{"sid":"1.71.0+dfsg1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1236":{"scope":"remote","description":"Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.","releases":{"buster":{"fixed_version":"1.9.0-2","repositories":{"buster":"1.71.0+dfsg1-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.9.0-2","repositories":{"stretch":"1.71.0+dfsg1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9.0-2","repositories":{"jessie":"1.71.0+dfsg1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9.0-2","repositories":{"sid":"1.71.0+dfsg1-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-6070":{"debianbug":760372,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.","releases":{"buster":{"fixed_version":"3.6.6+dfsg-1","repositories":{"buster":"4.1.5+dfsg-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6.6+dfsg-1","repositories":{"jessie":"3.6.6+dfsg-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6.6+dfsg-1","repositories":{"sid":"4.1.5+dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-9838":{"debianbug":895472,"scope":"remote","description":"The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.","releases":{"buster":{"fixed_version":"4.05.0-11","repositories":{"buster":"4.05.0-11"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.02.3-9"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.01.0-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.05.0-11","repositories":{"sid":"4.05.0-11"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8869":{"debianbug":824139,"scope":"remote","description":"OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.","releases":{"buster":{"fixed_version":"4.02.3-9","repositories":{"buster":"4.05.0-11"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.02.3-9","repositories":{"stretch":"4.02.3-9"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue; can be fixed via point release and sheduling binNMUs there","repositories":{"jessie":"4.01.0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.02.3-9","repositories":{"sid":"4.05.0-11"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9779":{"debianbug":874700,"scope":"local","description":"OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 \"but with much less impact.\"","releases":{"buster":{"fixed_version":"4.05.0-9","repositories":{"buster":"4.05.0-11"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.02.3-9"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.01.0-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.05.0-9","repositories":{"sid":"4.05.0-11"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9772":{"scope":"remote","description":"Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.05.0-11"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.02.3-9"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.01.0-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.05.0-11"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0839":{"debianbug":659149,"scope":"remote","description":"OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.","releases":{"buster":{"fixed_version":"4.00.0~beta2-1","repositories":{"buster":"4.05.0-11"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.00.0~beta2-1","repositories":{"stretch":"4.02.3-9"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.00.0~beta2-1","repositories":{"jessie":"4.01.0-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.00.0~beta2-1","repositories":{"sid":"4.05.0-11"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10906":{"debianbug":904439,"scope":"local","description":"In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.","releases":{"buster":{"fixed_version":"3.2.6-1","repositories":{"buster":"3.4.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.6-1","repositories":{"sid":"3.4.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15865":{"scope":"remote","description":"bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.0.2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5892":{"scope":"remote","description":"bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.0.2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.2-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000010":{"scope":"remote","description":"Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.1.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"2.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"2.1.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"2.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"2.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-6061":{"debianbug":453283,"scope":"remote","description":"Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run.  NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.","releases":{"buster":{"fixed_version":"1.3.4-1.1","repositories":{"buster":"2.2.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.4-1.1","repositories":{"stretch":"2.1.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.4-1.1","repositories":{"jessie":"2.0.6-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.4-1.1","repositories":{"sid":"2.2.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2540":{"scope":"remote","description":"Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.","releases":{"buster":{"fixed_version":"2.1.2-1","repositories":{"buster":"2.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.1.2-1","repositories":{"stretch":"2.1.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"2.0.6-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.1.2-1","repositories":{"sid":"2.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"2.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"2.1.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"2.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"2.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2541":{"scope":"remote","description":"Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.","releases":{"buster":{"fixed_version":"2.1.2-1","repositories":{"buster":"2.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.1.2-1","repositories":{"stretch":"2.1.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.2-1","repositories":{"sid":"2.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0490":{"debianbug":514138,"scope":"remote","description":"Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"2.2.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"2.1.2-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1","repositories":{"jessie":"2.0.6-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"2.2.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3954":{"debianbug":891220,"scope":"local","description":"web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status.  NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3957":{"debianbug":891220,"scope":"remote","description":"The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2311":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3952":{"debianbug":891220,"scope":"local","description":"web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify.  NOTE: this issue can be leveraged by remote attackers to gain administrative access.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3953":{"debianbug":891220,"scope":"remote","description":"The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10321":{"debianbug":860038,"scope":"remote","description":"web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.","releases":{"jessie":{"nodsa":"Minor issue; issue in web admin interface which has no need to be used in production","repositories":{"jessie":"1.99.7-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-4806":{"debianbug":856127,"scope":"remote","description":"Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.","releases":{"jessie":{"nodsa":"Minor issue; issue in web admin interface which has no need to be used in production","repositories":{"jessie":"1.99.7-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-4808":{"debianbug":856127,"scope":"remote","description":"Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.","releases":{"jessie":{"nodsa":"Minor issue; issue in web admin interface which has no need to be used in production","repositories":{"jessie":"1.99.7-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2015-6961":{"scope":"remote","description":"Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.99.7-1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-4807":{"debianbug":856127,"scope":"remote","description":"Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).","releases":{"jessie":{"nodsa":"Minor issue; issue in web admin interface which has no need to be used in production","repositories":{"jessie":"1.99.7-1"},"urgency":"low**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2013-6837":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.","releases":{"jessie":{"repositories":{"jessie":"1.99.7-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-6596":{"debianbug":857966,"scope":"remote","description":"partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application.","releases":{"buster":{"fixed_version":"0.2.89-3","repositories":{"buster":"0.3.11-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.2.89-3","repositories":{"stretch":"0.2.89-4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.73-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.2.89-3","repositories":{"sid":"0.3.11-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10722":{"scope":"remote","description":"partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.","releases":{"buster":{"fixed_version":"0.2.88-1","repositories":{"buster":"0.3.11-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.88-1","repositories":{"stretch":"0.2.89-4"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.73-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.2.88-1","repositories":{"sid":"0.3.11-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10721":{"scope":"remote","description":"partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.","releases":{"buster":{"fixed_version":"0.2.88-1","repositories":{"buster":"0.3.11-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.88-1","repositories":{"stretch":"0.2.89-4"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.2.73-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.2.88-1","repositories":{"sid":"0.3.11-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12291":{"debianbug":901293,"scope":"remote","description":"The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.","releases":{"buster":{"fixed_version":"0.31.1+dfsg-1","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.1+dfsg-1","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10657":{"scope":"remote","description":"Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.","releases":{"buster":{"fixed_version":"0.28.1+dfsg-1","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.28.1+dfsg-1","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11842":{"scope":"remote","description":"An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.","releases":{"buster":{"fixed_version":"0.99.2-5","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.99.2-5","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-5885":{"scope":"remote","description":"Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.","releases":{"buster":{"fixed_version":"0.34.1.1-1","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.34.1.1-1","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16515":{"debianbug":908044,"scope":"remote","description":"Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.","releases":{"buster":{"fixed_version":"0.33.3.1-1","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.33.3.1-1","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12423":{"debianbug":901549,"scope":"remote","description":"In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.","releases":{"buster":{"fixed_version":"0.31.2+dfsg-1","repositories":{"buster":"0.99.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.31.2+dfsg-1","repositories":{"sid":"0.99.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4510":{"scope":"remote","description":"cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.","releases":{"buster":{"fixed_version":"0.2.3-1","repositories":{"buster":"0.2.6-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.2.3-1","repositories":{"stretch":"0.2.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.2.3-1","repositories":{"jessie":"0.2.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.2.3-1","repositories":{"sid":"0.2.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1828":{"scope":"remote","description":"The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.","releases":{"buster":{"fixed_version":"1.0.2-2","repositories":{"buster":"3.3.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2","repositories":{"stretch":"1.0.2-4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.6.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0.2-2","repositories":{"sid":"3.3.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0885":{"debianbug":780139,"scope":"remote","description":"checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.","releases":{"buster":{"fixed_version":"1.02-1.1","repositories":{"buster":"1.02-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.02-1.1","repositories":{"stretch":"1.02-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.02-1.1","repositories":{"jessie":"1.02-1.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.02-1.1","repositories":{"sid":"1.02-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3456":{"debianbug":684004,"scope":"remote","description":"Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document.  NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.","releases":{"jessie":{"fixed_version":"0.4.2.dfsg.1-9.1","repositories":{"jessie":"0.4.2.dfsg.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-2197":{"scope":"remote","description":"Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document.","releases":{"jessie":{"fixed_version":"0.2.2-6","repositories":{"jessie":"0.4.2.dfsg.2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-1002150":{"scope":"remote","description":"python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"0.10.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.8.0-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.3.36-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"0.10.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16384":{"debianbug":924352,"scope":"remote","description":"A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as \"if\") and b is the SQL statement to be executed.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"3.1.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.0.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"low","status":"open"}}}}
{"CVE-2019-11387":{"debianbug":928053,"scope":"remote","description":"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.","releases":{"buster":{"repositories":{"buster":"3.1.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11388":{"debianbug":928053,"scope":"remote","description":"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.","releases":{"buster":{"repositories":{"buster":"3.1.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11389":{"debianbug":928053,"scope":"remote","description":"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators.","releases":{"buster":{"repositories":{"buster":"3.1.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11390":{"debianbug":928053,"scope":"remote","description":"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators.","releases":{"buster":{"repositories":{"buster":"3.1.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11391":{"debianbug":928053,"scope":"remote","description":"An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators.","releases":{"buster":{"repositories":{"buster":"3.1.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-3"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"2.2.9-1+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"3.1.0-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2005-1120":{"debianbug":304525,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.","releases":{"jessie":{"fixed_version":"0.8.14-0rc3sarge1","repositories":{"jessie":"0.8.14-0rc3sid6.2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-2500":{"scope":"remote","description":"Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.","releases":{"jessie":{"fixed_version":"0.8.14-0rc1","repositories":{"jessie":"0.8.14-0rc3sid6.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0612":{"scope":"local","description":"Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group \"games\" privileges via long command line arguments to crafty.bin.","releases":{"buster":{"fixed_version":"19.3-1","repositories":{"buster":"23.4-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"19.3-1","repositories":{"stretch":"23.4-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"19.3-1","repositories":{"jessie":"23.4-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"19.3-1","repositories":{"sid":"23.4-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"1:0.8.1-1","repositories":{"buster":"1:0.8.1-4.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.8.1-1","repositories":{"stretch":"1:0.8.1-4.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.8.1-1","repositories":{"jessie":"1:0.8.1-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.8.1-1","repositories":{"sid":"1:0.8.1-4.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10728":{"scope":"remote","description":"An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection.","releases":{"buster":{"fixed_version":"3.1.2-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.2-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.7-2+deb8u2","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.2-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10050":{"scope":"remote","description":"A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.","releases":{"buster":{"repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.1.4-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10053":{"scope":"remote","description":"An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \\n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \\r results in an integer underflow.","releases":{"buster":{"repositories":{"buster":"1:4.1.2-2"},"urgency":"high**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.1.4-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8954":{"debianbug":777523,"scope":"remote","description":"The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.","releases":{"buster":{"fixed_version":"2.0.6-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.6-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.6-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.6-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-C04FE8":{"releases":{"buster":{"fixed_version":"2.0.7-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.7-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.7-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.7-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0856648-2BC2C9":{"debianbug":856648,"releases":{"buster":{"fixed_version":"3.2.1-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.2.1-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.7-2+deb8u3","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.2.1-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-6794":{"debianbug":889842,"scope":"remote","description":"Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.","releases":{"buster":{"fixed_version":"1:4.0.4-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.0.7-2+deb8u3","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.0.4-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6603":{"debianbug":762828,"scope":"remote","description":"The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write.","releases":{"buster":{"fixed_version":"2.0.4-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.4-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.4-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.4-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0928":{"scope":"remote","description":"libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).","releases":{"buster":{"fixed_version":"2.0.7-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.7-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.7-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.7-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7177":{"debianbug":856649,"scope":"remote","description":"Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.","releases":{"buster":{"fixed_version":"3.2.1-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.2.1-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.7-2+deb8u3","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.2.1-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15377":{"scope":"remote","description":"In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).","releases":{"buster":{"fixed_version":"1:4.0.0-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.0.7-2+deb8u3","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.0.0-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-5919":{"debianbug":751658,"scope":"remote","description":"Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.","releases":{"buster":{"fixed_version":"2.0-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0783007-4C0B51":{"debianbug":783007,"releases":{"buster":{"fixed_version":"2.0.7-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.7-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.7-1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.7-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-18956":{"scope":"remote","description":"The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.","releases":{"buster":{"fixed_version":"1:4.0.6-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.0.6-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14568":{"scope":"remote","description":"Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).","releases":{"buster":{"fixed_version":"1:4.0.5-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:4.0.5-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0971":{"scope":"remote","description":"The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates.","releases":{"buster":{"fixed_version":"2.0.8-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.8-1","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.7-2+deb8u1","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.8-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10244":{"scope":"remote","description":"Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.","releases":{"buster":{"fixed_version":"1:4.0.5-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.0.5-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10243":{"scope":"remote","description":"htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header.","releases":{"buster":{"fixed_version":"1:4.0.0-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.0.7-2+deb8u4","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.0.0-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10242":{"scope":"remote","description":"Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.","releases":{"buster":{"fixed_version":"1:4.0.5-1","repositories":{"buster":"1:4.1.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.2.1-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.0.7-2+deb8u4","repositories":{"jessie":"2.0.7-2+deb8u1","jessie-security":"2.0.7-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.0.5-1","repositories":{"sid":"1:4.1.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7443":{"debianbug":858739,"scope":"remote","description":"apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.","releases":{"buster":{"fixed_version":"2-2","repositories":{"buster":"3.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2-2","repositories":{"stretch":"2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.8.0-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3-1","repositories":{"sid":"3.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4510":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.","releases":{"buster":{"fixed_version":"0.7.26-2","repositories":{"buster":"3.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.26-2","repositories":{"stretch":"2-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.26-2","repositories":{"jessie":"0.8.0-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.26-2","repositories":{"sid":"3.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1522":{"debianbug":622674,"scope":"remote","description":"Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"2.6.3+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch":"2.5.4+dfsg-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"2.4.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"2.6.3+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5723":{"scope":"local","description":"Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.","releases":{"buster":{"fixed_version":"2.4.8-1","repositories":{"buster":"2.6.3+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.4.8-1","repositories":{"stretch":"2.5.4+dfsg-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.4.6-1+deb8u1","repositories":{"jessie":"2.4.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.8-1","repositories":{"sid":"2.6.3+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8640":{"scope":"remote","description":"A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.","releases":{"buster":{"fixed_version":"2.0.2+dfsg-1","repositories":{"buster":"2.2.0+dfsg-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.2+dfsg-1","repositories":{"stretch":"2.0.2+dfsg-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.2+dfsg-1","repositories":{"sid":"2.2.0+dfsg-6"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-F090BB":{"releases":{"buster":{"fixed_version":"0.4.4-1","repositories":{"buster":"0.4.4-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.4.4-1","repositories":{"stretch":"0.4.4-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.3-1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.4.4-1","repositories":{"sid":"0.4.4-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-4420":{"debianbug":731860,"scope":"remote","description":"Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.","releases":{"buster":{"fixed_version":"1.2.20-2","repositories":{"buster":"1.2.20-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.20-2","repositories":{"stretch":"1.2.20-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.20-2","repositories":{"jessie":"1.2.20-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.20-2","repositories":{"sid":"1.2.20-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4397":{"debianbug":725938,"scope":"remote","description":"Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.2.20-1","repositories":{"buster":"1.2.20-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.20-1","repositories":{"stretch":"1.2.20-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.20-1","repositories":{"jessie":"1.2.20-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.20-1","repositories":{"sid":"1.2.20-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18651":{"scope":"remote","description":"An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18650":{"scope":"remote","description":"An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3606":{"debianbug":551287,"scope":"remote","description":"Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3608":{"debianbug":551287,"scope":"remote","description":"Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3609":{"debianbug":551287,"scope":"remote","description":"Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3603":{"debianbug":551287,"scope":"remote","description":"Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.  NOTE: some of these details are obtained from third party information.  NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3604":{"debianbug":551287,"scope":"remote","description":"The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-1144":{"scope":"local","description":"Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4654":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1244":{"scope":"remote","description":"Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.  NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed.  Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4653":{"releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-7173":{"scope":"remote","description":"A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7174":{"scope":"remote","description":"An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7175":{"scope":"remote","description":"An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7452":{"scope":"remote","description":"A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7453":{"scope":"remote","description":"Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7454":{"scope":"remote","description":"A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-7455":{"scope":"remote","description":"An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2004-1125":{"scope":"remote","description":"Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.","releases":{"buster":{"fixed_version":"3.00-11","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.00-11","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.00-11","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.00-11","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1554":{"scope":"remote","description":"Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1553":{"scope":"remote","description":"Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1552":{"scope":"remote","description":"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0301":{"debianbug":350783,"scope":"remote","description":"Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.","releases":{"buster":{"fixed_version":"3.01-6","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.01-6","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.01-6","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.01-6","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0207":{"releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-4352":{"debianbug":450628,"scope":"remote","description":"Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.","releases":{"buster":{"fixed_version":"3.02-1.3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0206":{"releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-0206":{"scope":"remote","description":"The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-3387":{"debianbug":435460,"scope":"remote","description":"Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.","releases":{"buster":{"fixed_version":"3.02-1.1","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-1.1","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-1.1","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-1.1","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2142":{"debianbug":487773,"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0104":{"debianbug":406852,"scope":"remote","description":"The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.","releases":{"buster":{"fixed_version":"3.02","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.02","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.02","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.02","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0195":{"debianbug":524809,"scope":"remote","description":"Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-4035":{"scope":"remote","description":"The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.","releases":{"buster":{"fixed_version":"3.01-1","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.01-1","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.01-1","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.01-1","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-11033":{"scope":"remote","description":"The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-2902":{"debianbug":635849,"scope":"remote","description":"zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.","releases":{"buster":{"fixed_version":"3.02-19","repositories":{"buster":"3.04-13"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.02-19","repositories":{"stretch":"3.04-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.02-19","repositories":{"jessie":"3.03-17"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.02-19","repositories":{"sid":"3.04-13"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0800":{"debianbug":524806,"scope":"remote","description":"Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-1179":{"debianbug":524806,"scope":"remote","description":"Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-18454":{"scope":"remote","description":"CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-10020":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2097":{"debianbug":322458,"scope":"local","description":"xpdf and kpdf do not properly validate the \"loca\" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a \"broken\" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.","releases":{"buster":{"fixed_version":"3.00-15","repositories":{"buster":"3.04-13"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.00-15","repositories":{"stretch":"3.04-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.00-15","repositories":{"jessie":"3.03-17"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.00-15","repositories":{"sid":"3.04-13"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-10022":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10021":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10024":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10023":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10026":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2950":{"debianbug":489756,"scope":"remote","description":"The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10025":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4472":{"scope":"local","description":"The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-1188":{"debianbug":524806,"scope":"remote","description":"Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"3.02-2","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-2","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-2","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-2","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3628":{"debianbug":342286,"scope":"remote","description":"Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.","releases":{"buster":{"fixed_version":"3.01-4","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.01-4","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.01-4","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.01-4","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8100":{"scope":"remote","description":"The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-8101":{"scope":"remote","description":"The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-8102":{"scope":"remote","description":"The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-1180":{"debianbug":524806,"scope":"remote","description":"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-8103":{"scope":"remote","description":"The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-8104":{"scope":"remote","description":"The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2002-1384":{"scope":"local","description":"Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.","releases":{"buster":{"fixed_version":"2.01-2","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.01-2","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.01-2","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.01-2","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8105":{"scope":"remote","description":"The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-3625":{"debianbug":342286,"scope":"remote","description":"Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"","releases":{"buster":{"fixed_version":"3.01-4","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.01-4","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.01-4","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.01-4","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8106":{"scope":"remote","description":"The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-3624":{"debianbug":342286,"scope":"remote","description":"The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.","releases":{"buster":{"fixed_version":"3.01-4","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.01-4","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.01-4","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.01-4","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8107":{"scope":"remote","description":"The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-1183":{"debianbug":524806,"scope":"remote","description":"The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3627":{"debianbug":342286,"scope":"remote","description":"Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.","releases":{"buster":{"fixed_version":"3.01-4","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.01-4","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.01-4","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.01-4","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1182":{"debianbug":524806,"scope":"remote","description":"Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3626":{"debianbug":342286,"scope":"remote","description":"Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.","releases":{"buster":{"fixed_version":"3.01-4","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.01-4","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.01-4","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.01-4","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1181":{"debianbug":524806,"scope":"remote","description":"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1693":{"debianbug":476842,"scope":"remote","description":"The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.","releases":{"buster":{"fixed_version":"3.02","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3191":{"debianbug":342281,"scope":"remote","description":"Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.","releases":{"buster":{"fixed_version":"3.01-3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.01-3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.01-3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.01-3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3193":{"debianbug":342281,"scope":"remote","description":"Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.","releases":{"buster":{"fixed_version":"3.01-3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.01-3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.01-3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.01-3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3192":{"debianbug":342281,"scope":"remote","description":"Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.","releases":{"buster":{"fixed_version":"3.01-3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.01-3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.01-3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.01-3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0147":{"debianbug":524806,"scope":"remote","description":"Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0146":{"debianbug":524806,"scope":"remote","description":"Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-18459":{"scope":"remote","description":"The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-18458":{"scope":"remote","description":"The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-18457":{"scope":"remote","description":"The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-18456":{"scope":"remote","description":"The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-18455":{"scope":"remote","description":"The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-9587":{"scope":"remote","description":"There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0434":{"scope":"remote","description":"Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.","releases":{"buster":{"fixed_version":"2.02pl1-1","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.02pl1-1","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.02pl1-1","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.02pl1-1","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0799":{"debianbug":524806,"scope":"remote","description":"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0889":{"scope":"remote","description":"Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.","releases":{"buster":{"fixed_version":"3.00-10","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.00-10","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.00-10","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.00-10","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0888":{"debianbug":280373,"scope":"remote","description":"Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.","releases":{"buster":{"fixed_version":"3.00-9","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.00-9","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.00-9","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.00-9","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9589":{"scope":"remote","description":"There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9588":{"scope":"remote","description":"There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5392":{"debianbug":450628,"scope":"remote","description":"Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"3.02-1.3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-5393":{"debianbug":450628,"scope":"remote","description":"Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.","releases":{"buster":{"fixed_version":"3.02-1.3","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.3","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.3","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.3","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-3704":{"debianbug":599165,"scope":"remote","description":"The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16369":{"scope":"remote","description":"XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3703":{"debianbug":599165,"scope":"remote","description":"The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3702":{"debianbug":599165,"scope":"remote","description":"The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16368":{"scope":"remote","description":"SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.","releases":{"buster":{"repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-0764":{"scope":"remote","description":"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.","releases":{"buster":{"fixed_version":"3.02-9","repositories":{"buster":"3.04-13"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.02-9","repositories":{"stretch":"3.04-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.02-9","repositories":{"jessie":"3.03-17"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.02-9","repositories":{"sid":"3.04-13"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0064":{"debianbug":324459,"scope":"remote","description":"Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.","releases":{"buster":{"fixed_version":"3.00-13","repositories":{"buster":"3.04-13"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.00-13","repositories":{"stretch":"3.04-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.00-13","repositories":{"jessie":"3.03-17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.00-13","repositories":{"sid":"3.04-13"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9878":{"scope":"remote","description":"There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10019":{"scope":"remote","description":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9877":{"scope":"remote","description":"There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.04-13"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.04-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.03-17"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.04-13"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0165":{"debianbug":524809,"scope":"remote","description":"Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to \"g*allocn.\"","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0166":{"debianbug":524806,"scope":"remote","description":"The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.","releases":{"buster":{"fixed_version":"3.02-1.4+lenny1","repositories":{"buster":"3.04-13"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.02-1.4+lenny1","repositories":{"stretch":"3.04-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.02-1.4+lenny1","repositories":{"jessie":"3.03-17"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.02-1.4+lenny1","repositories":{"sid":"3.04-13"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-10932":{"debianbug":905901,"scope":"remote","description":"lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.","releases":{"buster":{"fixed_version":"1.0.1+git20180808.4e642bd-1","repositories":{"buster":"1.0.1+git20180808.4e642bd-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.9.46-3.1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.0.1+git20180808.4e642bd-1","repositories":{"sid":"1.0.1+git20180808.4e642bd-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.4-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.4-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.4-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4074":{"debianbug":822456,"scope":"remote","description":"The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.","releases":{"buster":{"fixed_version":"1.5+dfsg-1.1","repositories":{"buster":"1.5+dfsg-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5+dfsg-1.1","repositories":{"stretch":"1.5+dfsg-1.3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4-2.1+deb8u1","repositories":{"jessie":"1.4-2.1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.5+dfsg-1.1","repositories":{"sid":"1.5+dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8863":{"debianbug":802231,"scope":"remote","description":"Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.5+dfsg-1.1","repositories":{"buster":"1.5+dfsg-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5+dfsg-1.1","repositories":{"stretch":"1.5+dfsg-1.3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4-2.1+deb8u1","repositories":{"jessie":"1.4-2.1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.5+dfsg-1.1","repositories":{"sid":"1.5+dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1916":{"scope":"remote","description":"The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function.  NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-3B586F":{"releases":{"stretch":{"fixed_version":"2.5.0+dfsg-2","repositories":{"stretch":"2.5.0+dfsg2-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.5.0+dfsg-2","repositories":{"jessie":"2.5.0+dfsg2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-1135":{"debianbug":611661,"releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1134":{"debianbug":611661,"releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1133":{"debianbug":611661,"releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.0+dfsg2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1843":{"debianbug":627503,"scope":"remote","description":"Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.","releases":{"buster":{"fixed_version":"1.8.2-2","repositories":{"buster":"1.10.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.8.2-2","repositories":{"stretch":"1.8.4-3~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.8.2-2","repositories":{"jessie":"1.8.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.8.2-2","repositories":{"sid":"1.10.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-0847":{"scope":"remote","description":"tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).","releases":{"buster":{"fixed_version":"1.4.3-3","repositories":{"buster":"1.10.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.3-3","repositories":{"stretch":"1.8.4-3~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.4.3-3","repositories":{"jessie":"1.8.3-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.4.3-3","repositories":{"sid":"1.10.0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11747":{"debianbug":870307,"scope":"local","description":"main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a \"kill `cat /run/tinyproxy/tinyproxy.pid`\" command.","releases":{"buster":{"fixed_version":"1.10.0-1","repositories":{"buster":"1.10.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.4-3~deb9u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.3-3"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.10.0-1","repositories":{"sid":"1.10.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3505":{"debianbug":685281,"scope":"remote","description":"Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably.  bucket.","releases":{"buster":{"fixed_version":"1.8.3-3","repositories":{"buster":"1.10.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.3-3","repositories":{"stretch":"1.8.4-3~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.3-3","repositories":{"jessie":"1.8.3-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.3-3","repositories":{"sid":"1.10.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1499":{"debianbug":621493,"scope":"remote","description":"acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.","releases":{"buster":{"fixed_version":"1.8.2-2","repositories":{"buster":"1.10.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.8.2-2","repositories":{"stretch":"1.8.4-3~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.8.2-2","repositories":{"jessie":"1.8.3-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.8.2-2","repositories":{"sid":"1.10.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-1000808":{"scope":"remote","description":"Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.","releases":{"buster":{"fixed_version":"17.5.0-1","repositories":{"buster":"19.0.0-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"16.2.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method","repositories":{"jessie":"0.14-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"17.5.0-1","repositories":{"sid":"19.0.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4314":{"debianbug":722055,"scope":"remote","description":"The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.","releases":{"buster":{"fixed_version":"0.13-2.1","repositories":{"buster":"19.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.13-2.1","repositories":{"stretch":"16.2.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.13-2.1","repositories":{"jessie":"0.14-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.13-2.1","repositories":{"sid":"19.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000807":{"scope":"remote","description":"Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.","releases":{"buster":{"fixed_version":"17.5.0-1","repositories":{"buster":"19.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"16.2.0-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method","repositories":{"jessie":"0.14-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"17.5.0-1","repositories":{"sid":"19.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9650":{"scope":"remote","description":"CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"3.7.8-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"3.6.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"3.7.8-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9877":{"debianbug":849849,"scope":"remote","description":"An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.","releases":{"buster":{"fixed_version":"3.6.6-1","repositories":{"buster":"3.7.8-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.6.6-1","repositories":{"stretch":"3.6.6-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.5-1.1+deb8u1","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.6.6-1","repositories":{"sid":"3.7.8-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9494":{"debianbug":773134,"scope":"remote","description":"RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"3.7.8-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"3.6.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.5-1.1","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"3.7.8-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-4966":{"debianbug":863586,"scope":"local","description":"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.","releases":{"buster":{"fixed_version":"3.6.10-1","repositories":{"buster":"3.7.8-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.6.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.10-1","repositories":{"sid":"3.7.8-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0862":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.","releases":{"buster":{"fixed_version":"3.4.3-1","repositories":{"buster":"3.7.8-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.4.3-1","repositories":{"stretch":"3.6.6-1"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.3-1","repositories":{"sid":"3.7.8-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-4965":{"debianbug":863586,"scope":"remote","description":"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.","releases":{"buster":{"fixed_version":"3.6.10-1","repositories":{"buster":"3.7.8-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.6.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.6.10-1","repositories":{"sid":"3.7.8-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-4967":{"debianbug":863586,"scope":"remote","description":"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.","releases":{"buster":{"fixed_version":"3.6.10-1","repositories":{"buster":"3.7.8-4"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.6.6-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.6.10-1","repositories":{"sid":"3.7.8-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1279":{"scope":"remote","description":"Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.7.8-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.6.6-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.7.8-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9649":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"3.7.8-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"3.6.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"3.7.8-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8786":{"scope":"remote","description":"The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.","releases":{"buster":{"fixed_version":"3.6.5-1","repositories":{"buster":"3.7.8-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6.5-1","repositories":{"stretch":"3.6.6-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.5-1.1+deb8u1","jessie-security":"3.3.5-1.1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.6.5-1","repositories":{"sid":"3.7.8-4"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0414480-089D8A":{"debianbug":414480,"releases":{"buster":{"fixed_version":"0.2.8-1","repositories":{"buster":"0.5.17-1.2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.2.8-1","repositories":{"stretch":"0.5.17-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.2.8-1","repositories":{"jessie":"0.5.17-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.2.8-1","repositories":{"sid":"0.5.17-1.2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0414482-5BA32C":{"debianbug":414482,"releases":{"buster":{"fixed_version":"0.2.8-1","repositories":{"buster":"0.5.17-1.2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.2.8-1","repositories":{"stretch":"0.5.17-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.2.8-1","repositories":{"jessie":"0.5.17-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.2.8-1","repositories":{"sid":"0.5.17-1.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-4011":{"releases":{"buster":{"fixed_version":"0.5.4-1","repositories":{"buster":"0.5.17-1.2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.5.4-1","repositories":{"stretch":"0.5.17-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.5.4-1","repositories":{"jessie":"0.5.17-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.5.4-1","repositories":{"sid":"0.5.17-1.2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-1000494":{"debianbug":887129,"scope":"local","description":"Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact","releases":{"buster":{"fixed_version":"2.0.20171212-1","repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.20140523-4.1+deb9u1","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.0.20171212-1","repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-12110":{"scope":"remote","description":"An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c.","releases":{"buster":{"repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2013-2600":{"debianbug":716936,"releases":{"buster":{"fixed_version":"1.8.20130730-1","repositories":{"buster":"2.1-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.8.20130730-1","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.8.20130730-1","repositories":{"jessie":"1.8.20140523-4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.8.20130730-1","repositories":{"sid":"2.1-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-1462":{"scope":"remote","description":"Integer signedness error in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (incorrect memory copy) via a SOAPAction header that lacks a \" (double quote) character, a different vulnerability than CVE-2013-0230.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.20140523-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1461":{"scope":"remote","description":"The ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and service crash) via a SOAPAction header that lacks a # (pound sign) character, a different vulnerability than CVE-2013-0230.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.20140523-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0230":{"scope":"remote","description":"Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.20140523-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-12111":{"scope":"remote","description":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.","releases":{"buster":{"repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-12107":{"scope":"remote","description":"The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.","releases":{"buster":{"repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-12108":{"scope":"remote","description":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for int_port.","releases":{"buster":{"repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-12109":{"scope":"remote","description":"A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in GetOutboundPinholeTimeout in upnpsoap.c for rem_port.","releases":{"buster":{"repositories":{"buster":"2.1-5"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"1.8.20140523-4"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"2.1-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2013-0229":{"scope":"remote","description":"The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.8.20140523-4.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.20140523-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3995":{"debianbug":575742,"scope":"remote","description":"Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"3.1.11-6.2","repositories":{"buster":"3.3.11.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.2","repositories":{"stretch":"3.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.2","repositories":{"jessie":"3.3.7-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.2","repositories":{"sid":"3.3.11.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2971":{"scope":"remote","description":"loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546.  NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.","releases":{"buster":{"fixed_version":"3.1.11-6.3","repositories":{"buster":"3.3.11.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.3","repositories":{"stretch":"3.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.3","repositories":{"jessie":"3.3.7-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.3","repositories":{"sid":"3.3.11.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3996":{"debianbug":575742,"scope":"remote","description":"Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.","releases":{"buster":{"fixed_version":"3.1.11-6.2","repositories":{"buster":"3.3.11.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.2","repositories":{"stretch":"3.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.2","repositories":{"jessie":"3.3.7-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.2","repositories":{"sid":"3.3.11.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0179":{"debianbug":476339,"scope":"remote","description":"libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.","releases":{"buster":{"fixed_version":"3.1.11-6.1","repositories":{"buster":"3.3.11.1-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.1","repositories":{"stretch":"3.3.10-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.1","repositories":{"jessie":"3.3.7-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.1","repositories":{"sid":"3.3.11.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6720":{"debianbug":422021,"scope":"remote","description":"libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.","releases":{"buster":{"fixed_version":"3.1.11-6.1","repositories":{"buster":"3.3.11.1-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.1","repositories":{"stretch":"3.3.10-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.1","repositories":{"jessie":"3.3.7-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.1","repositories":{"sid":"3.3.11.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3879":{"scope":"remote","description":"Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.3.11.1-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.3.10-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.3.7-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.3.11.1-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2546":{"scope":"remote","description":"Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope.  NOTE: some of these details are obtained from third party information.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.","releases":{"buster":{"fixed_version":"3.1.11-6.3","repositories":{"buster":"3.3.11.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.11-6.3","repositories":{"stretch":"3.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.11-6.3","repositories":{"jessie":"3.3.7-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.11-6.3","repositories":{"sid":"3.3.11.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2347":{"scope":"remote","description":"Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.","releases":{"buster":{"fixed_version":"0.3.1-1","repositories":{"buster":"0.3.1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.1-1","repositories":{"stretch":"0.3.1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.2.0+git3fe46-1+deb8u1","repositories":{"jessie":"0.2.0+git3fe46-1+deb8u1","jessie-security":"0.2.0+git3fe46-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.1-1","repositories":{"sid":"0.3.1-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-5337A6":{"releases":{"buster":{"fixed_version":"0.2.0-1","repositories":{"buster":"0.3.1-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.2.0-1","repositories":{"stretch":"0.3.1-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.2.0-1","repositories":{"jessie":"0.2.0+git3fe46-1+deb8u1","jessie-security":"0.2.0+git3fe46-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.2.0-1","repositories":{"sid":"0.3.1-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-1000494":{"debianbug":887129,"scope":"local","description":"Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact","releases":{"buster":{"fixed_version":"2.0.20171212-3","repositories":{"buster":"2.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1.9.20140610-4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.9.20140610-2+deb8u1","jessie-security":"1.9.20140610-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.0.20171212-3","repositories":{"sid":"2.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-8798":{"debianbug":862273,"scope":"remote","description":"Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"1.9.20140610-3","repositories":{"buster":"2.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.20140610-3","repositories":{"stretch":"1.9.20140610-4"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.9.20140610-2+deb8u1","jessie-security":"1.9.20140610-2+deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.20140610-3","repositories":{"sid":"2.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6031":{"debianbug":802650,"scope":"remote","description":"Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an \"oversized\" XML element name.","releases":{"buster":{"fixed_version":"1.9.20140610-2.1","repositories":{"buster":"2.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.20140610-2.1","repositories":{"stretch":"1.9.20140610-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.9.20140610-2+deb8u1","repositories":{"jessie":"1.9.20140610-2+deb8u1","jessie-security":"1.9.20140610-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.20140610-2.1","repositories":{"sid":"2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3985":{"debianbug":748913,"scope":"remote","description":"The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.","releases":{"buster":{"fixed_version":"1.6-4","repositories":{"buster":"2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6-4","repositories":{"stretch":"1.9.20140610-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6-4","repositories":{"jessie":"1.9.20140610-2+deb8u1","jessie-security":"1.9.20140610-2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6-4","repositories":{"sid":"2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6519":{"debianbug":838017,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the \"Shares\" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the \"Create Share\" form.","releases":{"buster":{"fixed_version":"2.5.1-0","repositories":{"buster":"2.16.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.5.1-0","repositories":{"stretch":"2.5.1-0"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.5.1-0","repositories":{"sid":"2.16.0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2003-0648":{"debianbug":203871,"scope":"remote","description":"Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.","releases":{"buster":{"fixed_version":"0.50.0-1.1","repositories":{"buster":"0.50.2b6-20110708-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.50.0-1.1","repositories":{"stretch":"0.50.2b6-20110708-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.50.0-1.1","repositories":{"jessie":"0.50.2b6-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.50.0-1.1","repositories":{"sid":"0.50.2b6-20110708-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3196":{"debianbug":491182,"scope":"remote","description":"skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.","releases":{"buster":{"fixed_version":"20070509-1.1","repositories":{"buster":"20140715-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20070509-1.1","repositories":{"stretch":"20140715-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"20070509-1.1","repositories":{"jessie":"20140715-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20070509-1.1","repositories":{"sid":"20140715-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-8154":{"debianbug":775913,"scope":"remote","description":"The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.42.5-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.34.7-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.42.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10523":{"scope":"remote","description":"MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.0.0-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-5432":{"debianbug":928673,"scope":"remote","description":"A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.","releases":{"buster":{"fixed_version":"6.0.0-2","repositories":{"buster":"6.0.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.0.0-2","repositories":{"sid":"6.0.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12087":{"debianbug":882508,"scope":"remote","description":"An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.","releases":{"buster":{"fixed_version":"3.1.4-1","repositories":{"buster":"3.2.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.8.6-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"3.1.4-1","repositories":{"sid":"3.2.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6188":{"debianbug":855705,"scope":"local","description":"Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.","releases":{"buster":{"fixed_version":"2.0.31-1","repositories":{"buster":"2.0.47-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.0.31-1","repositories":{"stretch":"2.0.33-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.0.25-1+deb8u1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.0.31-1","repositories":{"sid":"2.0.49-1"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0682869-4EFB12":{"debianbug":682869,"releases":{"buster":{"fixed_version":"2.0.5-1","repositories":{"buster":"2.0.47-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.5-1","repositories":{"stretch":"2.0.33-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.5-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.5-1","repositories":{"sid":"2.0.49-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-6359":{"scope":"remote","description":"Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name.","releases":{"buster":{"fixed_version":"2.0.18-1","repositories":{"buster":"2.0.47-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.18-1","repositories":{"stretch":"2.0.33-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.18-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.18-1","repositories":{"sid":"2.0.49-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2147":{"debianbug":670811,"scope":"remote","description":"munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.","releases":{"buster":{"fixed_version":"2.0~rc6-1","repositories":{"buster":"2.0.47-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0~rc6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0~rc6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0~rc6-1","repositories":{"sid":"2.0.49-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2103":{"debianbug":668778,"scope":"local","description":"The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.","releases":{"buster":{"fixed_version":"2.0~rc6-1","repositories":{"buster":"2.0.47-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.0~rc6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.0~rc6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.0~rc6-1","repositories":{"sid":"2.0.49-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3513":{"debianbug":684076,"scope":"remote","description":"munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.","releases":{"buster":{"fixed_version":"2.0.6-1","repositories":{"buster":"2.0.47-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.6-1","repositories":{"sid":"2.0.49-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2104":{"debianbug":668666,"scope":"remote","description":"cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.","releases":{"buster":{"fixed_version":"2.0~rc6-1","repositories":{"buster":"2.0.47-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0~rc6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0~rc6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0~rc6-1","repositories":{"sid":"2.0.49-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3512":{"debianbug":684075,"scope":"local","description":"Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.","releases":{"buster":{"fixed_version":"2.0.6-1","repositories":{"buster":"2.0.47-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.6-1","repositories":{"sid":"2.0.49-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6048":{"scope":"remote","description":"The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.","releases":{"buster":{"fixed_version":"2.0.18-1","repositories":{"buster":"2.0.47-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.18-1","repositories":{"stretch":"2.0.33-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.18-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.18-1","repositories":{"sid":"2.0.49-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4678":{"debianbug":668667,"scope":"remote","description":"munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.","releases":{"buster":{"fixed_version":"2.0~rc6-1","repositories":{"buster":"2.0.47-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0~rc6-1","repositories":{"stretch":"2.0.33-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0~rc6-1","repositories":{"jessie":"2.0.25-1+deb8u3","jessie-security":"2.0.25-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0~rc6-1","repositories":{"sid":"2.0.49-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2653":{"debianbug":674715,"scope":"remote","description":"arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.","releases":{"buster":{"fixed_version":"2.1a15-1.2","repositories":{"buster":"2.1a15-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.1a15-1.2","repositories":{"stretch":"2.1a15-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.1a15-1.2","repositories":{"jessie":"2.1a15-1.3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.1a15-1.2","repositories":{"sid":"2.1a15-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-14450":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the \"update dimension region's chunks\" feature of the function gig::Region::UpdateChunks in gig.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-18197":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"high**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"high**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"high**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"high**","status":"undetermined"}}}}
{"CVE-2018-18196":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-18195":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-18194":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-18193":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-18192":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-12951":{"debianbug":877651,"scope":"remote","description":"The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.","releases":{"buster":{"fixed_version":"4.0.0-5","repositories":{"buster":"4.1.0~repack-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.3.0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.0-5","repositories":{"sid":"4.1.0~repack-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12952":{"debianbug":873718,"scope":"remote","description":"The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.","releases":{"buster":{"fixed_version":"4.0.0-4","repositories":{"buster":"4.1.0~repack-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.3.0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.0-4","repositories":{"sid":"4.1.0~repack-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12950":{"debianbug":873718,"scope":"remote","description":"The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.","releases":{"buster":{"fixed_version":"4.0.0-4","repositories":{"buster":"4.1.0~repack-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.3.0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.0-4","repositories":{"sid":"4.1.0~repack-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14449":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14459":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14456":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14455":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14458":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14457":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14452":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the \"always assign the sample of the first dimension region of this region\" feature of the function gig::Region::UpdateChunks in gig.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-14451":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-12953":{"debianbug":873718,"scope":"remote","description":"The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.","releases":{"buster":{"fixed_version":"4.0.0-4","repositories":{"buster":"4.1.0~repack-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.3.0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.0-4","repositories":{"sid":"4.1.0~repack-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14454":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-12954":{"debianbug":877652,"scope":"remote","description":"The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.","releases":{"buster":{"fixed_version":"4.0.0-5","repositories":{"buster":"4.1.0~repack-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.3.0-5"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.0-5","repositories":{"sid":"4.1.0~repack-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14453":{"scope":"remote","description":"An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.","releases":{"buster":{"repositories":{"buster":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"3.3.0-5"},"urgency":"medium**","status":"undetermined"},"jessie":{"repositories":{"jessie":"3.3.0-3"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"4.1.0~repack-2"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2005-3535":{"scope":"remote","description":"Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.","releases":{"buster":{"fixed_version":"0.0.6-17sarge1","repositories":{"buster":"0.0.6-24"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.0.6-17sarge1","repositories":{"stretch":"0.0.6-24"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.0.6-17sarge1","repositories":{"jessie":"0.0.6-22"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.0.6-17sarge1","repositories":{"sid":"0.0.6-24"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1049":{"debianbug":700098,"scope":"remote","description":"Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.","releases":{"buster":{"fixed_version":"1.4.3-3.1","repositories":{"buster":"1.4.3-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.3-3.1","repositories":{"stretch":"1.4.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.4.3-3.1","repositories":{"jessie":"1.4.3-3.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.4.3-3.1","repositories":{"sid":"1.4.3-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2001-0735":{"debianbug":104394,"scope":"local","description":"Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.","releases":{"buster":{"fixed_version":"1.4.3-1.1","repositories":{"buster":"1.4.3-3.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.3-1.1","repositories":{"stretch":"1.4.3-3.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.4.3-1.1","repositories":{"jessie":"1.4.3-3.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.4.3-1.1","repositories":{"sid":"1.4.3-3.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-12046":{"debianbug":928944,"releases":{"buster":{"fixed_version":"2.0.2+ds-7+deb10u1","repositories":{"buster":"2.0.2+ds-7+deb10u1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.9.7-3+deb9u1","repositories":{"stretch-security":"1.9.7-3+deb9u1","stretch":"1.9.7-3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.3.3-1+deb8u1","repositories":{"jessie":"1.3.3-1","jessie-security":"1.3.3-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.2+ds-7+deb10u1","repositories":{"sid":"2.0.2+ds-7+deb10u1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-6426":{"debianbug":696329,"scope":"remote","description":"LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.","releases":{"buster":{"fixed_version":"1.2.2-3","repositories":{"buster":"2.0.2+ds-7+deb10u1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-3","repositories":{"stretch-security":"1.9.7-3+deb9u1","stretch":"1.9.7-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-3","repositories":{"jessie":"1.3.3-1","jessie-security":"1.3.3-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-3","repositories":{"sid":"2.0.2+ds-7+deb10u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2722":{"debianbug":635549,"scope":"local","description":"The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.","releases":{"buster":{"fixed_version":"3.11.10-1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.11.10-1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.11.10-1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.11.10-1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-6108":{"scope":"local","description":"HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5208":{"debianbug":447341,"scope":"remote","description":"hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.","releases":{"buster":{"fixed_version":"1.6.10-4.3","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.6.10-4.3","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.6.10-4.3","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.6.10-4.3","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2940":{"debianbug":499842,"scope":"local","description":"The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.","releases":{"buster":{"fixed_version":"2.8.6-1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.8.6-1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.8.6-1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.8.6-1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2697":{"debianbug":635549,"scope":"remote","description":"foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.","releases":{"buster":{"fixed_version":"3.10.6-2","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.10.6-2","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.10.6-2","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.10.6-2","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-0839":{"debianbug":787353,"scope":"remote","description":"The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.","releases":{"buster":{"fixed_version":"3.15.11+repack0-1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.15.11+repack0-1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.14.6-1+deb8u1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.15.11+repack0-1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0200":{"debianbug":701185,"scope":"local","description":"HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.","releases":{"buster":{"fixed_version":"3.12.6-3.1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.12.6-3.1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.12.6-3.1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.12.6-3.1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4325":{"debianbug":723716,"scope":"local","description":"The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.","releases":{"buster":{"fixed_version":"3.13.9-1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13.9-1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.13.9-1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13.9-1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6427":{"debianbug":731480,"scope":"remote","description":"upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.","releases":{"buster":{"fixed_version":"3.13.11-2","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.13.11-2","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.13.11-2","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.13.11-2","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4267":{"debianbug":610960,"scope":"remote","description":"Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.","releases":{"buster":{"fixed_version":"3.10.6-2","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.10.6-2","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.10.6-2","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.10.6-2","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6402":{"debianbug":725876,"scope":"local","description":"base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.","releases":{"buster":{"fixed_version":"3.13.11-2.1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"3.13.11-2.1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"3.13.11-2.1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"3.13.11-2.1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2008-2941":{"debianbug":499842,"scope":"local","description":"The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending \"msg=0\" to TCP port 2207.","releases":{"buster":{"fixed_version":"2.8.6-1","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.8.6-1","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.8.6-1","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.8.6-1","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0122":{"scope":"local","description":"hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related to the product's attempt to correct the ownership of its configuration files within home directories.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.18.12+dfsg0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.16.11+repack0-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.14.6-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.18.12+dfsg0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2839":{"debianbug":431893,"scope":"local","description":"gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.","releases":{"jessie":{"fixed_version":"0.6","repositories":{"jessie":"0.7.7+ds-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8371":{"releases":{"buster":{"fixed_version":"1.0.0~alpha11-3","repositories":{"buster":"1.8.4-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.0~alpha11-3","repositories":{"stretch":"1.2.2-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0.0~alpha11-3","repositories":{"sid":"1.8.4-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-1688":{"scope":"remote","description":"Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option.  NOTE: it is not clear when this issue crosses privilege boundaries.","releases":{"buster":{"repositories":{"buster":"1.4.18-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.4.18-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.17-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.4.18-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-1687":{"scope":"remote","description":"The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.","releases":{"buster":{"repositories":{"buster":"1.4.18-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.4.18-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.17-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.4.18-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-6398":{"debianbug":496407,"scope":"local","description":"sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.","releases":{"buster":{"fixed_version":"1.0.2-6","repositories":{"buster":"1.1.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.2-6","repositories":{"stretch":"1.1.0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.2-6","repositories":{"jessie":"1.0.2-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2-6","repositories":{"sid":"1.1.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7747":{"debianbug":801102,"releases":{"buster":{"fixed_version":"0.3.6-3","repositories":{"buster":"0.3.6-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.3.6-3","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u1","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.3.6-3","repositories":{"sid":"0.3.6-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17095":{"debianbug":913166,"scope":"remote","description":"An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.","releases":{"buster":{"fixed_version":"0.3.6-5","repositories":{"buster":"0.3.6-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4+deb9u1","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Can be fixed along in future DLA","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"0.3.6-5","repositories":{"sid":"0.3.6-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6835":{"debianbug":857651,"scope":"remote","description":"The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6836":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6833":{"debianbug":857651,"scope":"remote","description":"The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6834":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6828":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6839":{"debianbug":857651,"scope":"remote","description":"Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6829":{"debianbug":857651,"scope":"remote","description":"The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6837":{"debianbug":857651,"scope":"remote","description":"WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6827":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6838":{"debianbug":857651,"scope":"remote","description":"Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6831":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6832":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6830":{"debianbug":857651,"scope":"remote","description":"Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.3.6-4","repositories":{"buster":"0.3.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.6-2+deb8u2","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.6-4","repositories":{"sid":"0.3.6-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5824":{"debianbug":510205,"scope":"remote","description":"Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.","releases":{"buster":{"fixed_version":"0.2.6-7.1","repositories":{"buster":"0.3.6-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.2.6-7.1","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.2.6-7.1","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.2.6-7.1","repositories":{"sid":"0.3.6-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-13440":{"debianbug":903499,"scope":"remote","description":"The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.","releases":{"buster":{"fixed_version":"0.3.6-5","repositories":{"buster":"0.3.6-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3.6-4+deb9u1","repositories":{"stretch":"0.3.6-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.3.6-2+deb8u2","jessie-security":"0.3.6-2+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.3.6-5","repositories":{"sid":"0.3.6-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3350":{"debianbug":598284,"scope":"local","description":"bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"stretch":{"fixed_version":"0.3.4-1.1","repositories":{"stretch":"0.3.9-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.4-1.1","repositories":{"jessie":"0.3.9-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0252":{"debianbug":780827,"scope":"remote","description":"internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.","releases":{"buster":{"fixed_version":"3.1.1-5.1","repositories":{"buster":"3.2.2+debian-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.1-5.1","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-5.1","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.1-5.1","repositories":{"sid":"3.2.2+debian-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1885":{"debianbug":540297,"scope":"remote","description":"Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework.","releases":{"buster":{"fixed_version":"3.0.1-2","repositories":{"buster":"3.2.2+debian-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.1-2","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.0.1-2","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0.1-2","repositories":{"sid":"3.2.2+debian-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4463":{"debianbug":828990,"scope":"remote","description":"Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.","releases":{"buster":{"fixed_version":"3.1.3+debian-2.1","repositories":{"buster":"3.2.2+debian-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.3+debian-2.1","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-5.1+deb8u3","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.3+debian-2.1","repositories":{"sid":"3.2.2+debian-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2099":{"debianbug":823863,"scope":"remote","description":"Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.","releases":{"buster":{"fixed_version":"3.1.3+debian-2","repositories":{"buster":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.3+debian-2","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-5.1+deb8u2","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.3+debian-2","repositories":{"sid":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12627":{"debianbug":894050,"scope":"remote","description":"In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.","releases":{"buster":{"fixed_version":"3.2.1+debian-1","repositories":{"buster":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.4+debian-2+deb9u1","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-5.1+deb8u4","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.2.1+debian-1","repositories":{"sid":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0880":{"scope":"remote","description":"Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.","releases":{"buster":{"repositories":{"buster":"3.2.2+debian-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.2.2+debian-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-0729":{"debianbug":815907,"scope":"remote","description":"Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.","releases":{"buster":{"fixed_version":"3.1.3+debian-1","repositories":{"buster":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.1.3+debian-1","repositories":{"stretch":"3.1.4+debian-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-5.1+deb8u1","repositories":{"jessie":"3.1.1-5.1+deb8u4","jessie-security":"3.1.1-5.1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.1.3+debian-1","repositories":{"sid":"3.2.2+debian-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2515":{"releases":{"buster":{"fixed_version":"0.6.17-1","repositories":{"buster":"1.1.12-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.6.17-1","repositories":{"stretch-security":"1.1.5-2+deb9u1","stretch":"1.1.5-2+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.6.17-1","repositories":{"jessie":"1.0.1-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.6.17-1","repositories":{"sid":"1.1.12-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-1764":{"scope":"local","description":"The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the \"install updates\" method.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.12-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.5-2+deb9u1","stretch":"1.1.5-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.12-5"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0678189-8A5546":{"debianbug":678189,"releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"1.1.12-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1","repositories":{"stretch-security":"1.1.5-2+deb9u1","stretch":"1.1.5-2+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.7.6-1","repositories":{"jessie":"1.0.1-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"1.1.12-5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1106":{"debianbug":896703,"scope":"local","description":"An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.","releases":{"buster":{"fixed_version":"1.1.10-1","repositories":{"buster":"1.1.12-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.5-2+deb9u1","repositories":{"stretch-security":"1.1.5-2+deb9u1","stretch":"1.1.5-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.10-1","repositories":{"sid":"1.1.12-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-15612":{"debianbug":879098,"scope":"remote","description":"mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\\nscript:) or a crafted email address, related to the escape and autolink functions.","releases":{"buster":{"fixed_version":"0.8-1","repositories":{"buster":"0.8.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8-1","repositories":{"sid":"0.8.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16876":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the \"key\" argument.","releases":{"buster":{"fixed_version":"0.8.1-1","repositories":{"buster":"0.8.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.7.3-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.1-1","repositories":{"sid":"0.8.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0724":{"scope":"remote","description":"The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:3.0.3+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.2+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-6394":{"scope":"remote","description":"visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using \"public-restricted\" under a \"public\" directory.","releases":{"buster":{"fixed_version":"0.9.4-1","repositories":{"buster":"0.16.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-1","repositories":{"stretch":"0.9.4-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.4-1","repositories":{"jessie":"0.9.4-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.4-1","repositories":{"sid":"0.16.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8859":{"scope":"remote","description":"The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.","releases":{"buster":{"fixed_version":"0.16.2-1","repositories":{"buster":"0.16.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.9.4-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.4-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.16.2-1","repositories":{"sid":"0.16.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-FD1F92":{"releases":{"buster":{"fixed_version":"0.16.2-1","repositories":{"buster":"0.16.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.9.4-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.4-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.16.2-1","repositories":{"sid":"0.16.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-0072":{"debianbug":292210,"scope":"local","description":"zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.","releases":{"buster":{"fixed_version":"1:0.2.3-8.1","repositories":{"buster":"1:0.2.6-16"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:0.2.3-8.1","repositories":{"stretch":"1:0.2.6-11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:0.2.3-8.1","repositories":{"jessie":"1:0.2.6-10"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:0.2.3-8.1","repositories":{"sid":"1:0.2.6-16"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0881":{"scope":"remote","description":"Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.","releases":{"buster":{"repositories":{"buster":"2.12.0-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.11.0-7"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.11.0-7"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.12.0-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-2625":{"debianbug":542210,"scope":"remote","description":"XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.","releases":{"buster":{"fixed_version":"2.9.1-4.1","repositories":{"buster":"2.12.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.9.1-4.1","repositories":{"stretch":"2.11.0-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.9.1-4.1","repositories":{"jessie":"2.11.0-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.9.1-4.1","repositories":{"sid":"2.12.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2667":{"scope":"local","description":"Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"0.8.7-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.7-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.8.7-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4297":{"debianbug":500781,"scope":"remote","description":"Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an \"hg pull\" request.","releases":{"buster":{"fixed_version":"1.0.1-5.1","repositories":{"buster":"4.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-5.1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-5.1","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-5.1","repositories":{"sid":"4.9-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3068":{"debianbug":819504,"scope":"remote","description":"Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u2","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3630":{"debianbug":819504,"scope":"remote","description":"The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u2","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3069":{"debianbug":819504,"scope":"remote","description":"Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.","releases":{"buster":{"fixed_version":"3.7.3-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.7.3-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u2","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.7.3-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4237":{"debianbug":598841,"releases":{"buster":{"fixed_version":"1.6.4-1","repositories":{"buster":"4.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.4-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.4-1","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.4-1","repositories":{"sid":"4.9-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1000132":{"debianbug":892964,"scope":"remote","description":"Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.","releases":{"buster":{"fixed_version":"4.5.2-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u5","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.5.2-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13348":{"debianbug":901050,"scope":"remote","description":"The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.","releases":{"buster":{"fixed_version":"4.6.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u5","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.1-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9462":{"debianbug":783237,"scope":"remote","description":"The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.","releases":{"buster":{"fixed_version":"3.4-1","repositories":{"buster":"4.8.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.4-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u1","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.4-1","repositories":{"sid":"4.9-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2942":{"debianbug":488628,"scope":"remote","description":"Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via \"..\" (dot dot) sequences in a patch file.","releases":{"buster":{"fixed_version":"1.0.1-2","repositories":{"buster":"4.8.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-2","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-2","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-2","repositories":{"sid":"4.9-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3105":{"scope":"remote","description":"The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.","releases":{"buster":{"fixed_version":"3.8.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.8.1-1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u3","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.8.1-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3902":{"debianbug":927674,"scope":"remote","description":"A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.","releases":{"buster":{"repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u7","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.9-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9462":{"debianbug":861243,"scope":"remote","description":"In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.","releases":{"buster":{"fixed_version":"4.3.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0-1+deb9u1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u5","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.1-1","repositories":{"sid":"4.9-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000115":{"debianbug":871709,"scope":"remote","description":"Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository","releases":{"buster":{"fixed_version":"4.3.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0-1+deb9u1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u4","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.1-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-13346":{"debianbug":901050,"scope":"remote","description":"The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.","releases":{"buster":{"fixed_version":"4.6.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u5","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.1-1","repositories":{"sid":"4.9-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000116":{"debianbug":871710,"scope":"remote","description":"Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.","releases":{"buster":{"fixed_version":"4.3.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0-1+deb9u1","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2+deb8u4","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.1-1","repositories":{"sid":"4.9-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17458":{"scope":"remote","description":"In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"high**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u6","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.9-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-13347":{"debianbug":901050,"scope":"remote","description":"mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.","releases":{"buster":{"fixed_version":"4.6.1-1","repositories":{"buster":"4.8.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"high**","status":"open"},"jessie":{"fixed_version":"3.1.2-2+deb8u5","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.6.1-1","repositories":{"sid":"4.9-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-17983":{"scope":"remote","description":"cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.","releases":{"buster":{"fixed_version":"4.7.2-1","repositories":{"buster":"4.8.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.7.2-1","repositories":{"sid":"4.9-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9390":{"debianbug":773640,"releases":{"buster":{"fixed_version":"3.1.2-2","repositories":{"buster":"4.8.2-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.1.2-2","repositories":{"stretch-security":"4.0-1+deb9u1","stretch":"4.0-1+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2","repositories":{"jessie":"3.1.2-2+deb8u4","jessie-security":"3.1.2-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.1.2-2","repositories":{"sid":"4.9-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-1263":{"debianbug":413922,"scope":"remote","description":"GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.","releases":{"buster":{"fixed_version":"1.1.2-3","repositories":{"buster":"1.12.0-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.2-3","repositories":{"stretch":"1.8.0-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.2-3","repositories":{"jessie":"1.5.1-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.2-3","repositories":{"sid":"1.12.0-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3564":{"debianbug":756651,"scope":"remote","description":"Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"","releases":{"buster":{"fixed_version":"1.5.1-1","repositories":{"buster":"1.12.0-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.1-1","repositories":{"stretch":"1.8.0-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.1-1","repositories":{"jessie":"1.5.1-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.1-1","repositories":{"sid":"1.12.0-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6581":{"debianbug":833467,"scope":"remote","description":"A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called \"HPACK Bomb\" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.","releases":{"buster":{"fixed_version":"2.3.0-1","repositories":{"buster":"3.0.0-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.3.0-1","repositories":{"stretch":"2.3.0-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.3.0-1","repositories":{"sid":"3.0.0-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4949":{"debianbug":496412,"scope":"local","description":"dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.","releases":{"buster":{"fixed_version":"1:3.5-17-2","repositories":{"buster":"1:3.5-236-0.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.5-17-2","repositories":{"stretch":"1:3.5-36.0001-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.5-17-2","repositories":{"jessie":"1:3.5-36-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.5-17-2","repositories":{"sid":"1:3.5-236-0.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5711":{"debianbug":887485,"scope":"remote","description":"gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0238":{"scope":"remote","description":"The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.","releases":{"jessie":{"fixed_version":"5.6.0~beta4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1148":{"scope":"remote","description":"Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.","releases":{"jessie":{"fixed_version":"5.4.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4388":{"scope":"remote","description":"The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.","releases":{"jessie":{"fixed_version":"5.4.1~rc1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7568":{"debianbug":839659,"scope":"remote","description":"Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.","releases":{"jessie":{"fixed_version":"5.6.27+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3981":{"scope":"local","description":"acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3622":{"releases":{"jessie":{"fixed_version":"5.6.1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0237":{"scope":"remote","description":"The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.","releases":{"jessie":{"fixed_version":"5.6.0~beta4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-7002":{"scope":"local","description":"PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as \"C:\" drive notation.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1144":{"scope":"local","description":"The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0236":{"scope":"remote","description":"file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.","releases":{"jessie":{"fixed_version":"5.6.0~beta4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5385":{"scope":"remote","description":"PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1904":{"scope":"remote","description":"Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1903":{"debianbug":835032,"scope":"remote","description":"The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.","releases":{"jessie":{"fixed_version":"5.6.14+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5712":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3709":{"debianbug":603751,"scope":"remote","description":"The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"5.3.3-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1153":{"scope":"remote","description":"Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2483":{"debianbug":631283,"scope":"remote","description":"crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.","releases":{"jessie":{"fixed_version":"5.3.6-13","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3074":{"debianbug":822242,"scope":"remote","description":"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4625":{"debianbug":391281,"scope":"local","description":"PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.","releases":{"jessie":{"fixed_version":"5.2.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1398":{"scope":"remote","description":"The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.","releases":{"jessie":{"fixed_version":"5.4.0~rc5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9118":{"scope":"remote","description":"PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9119":{"scope":"remote","description":"The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-2563":{"debianbug":370165,"scope":"local","description":"The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4596":{"scope":"remote","description":"The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function.  NOTE: this might only be a vulnerability in limited environments.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-14851":{"scope":"remote","description":"exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.","releases":{"jessie":{"fixed_version":"5.6.37+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3710":{"debianbug":601619,"scope":"remote","description":"Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.","releases":{"jessie":{"fixed_version":"5.3.3-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6527":{"scope":"remote","description":"The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-5706":{"scope":"local","description":"Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions.  NOTE: the tempnam vector might overlap CVE-2006-1494.","releases":{"jessie":{"fixed_version":"5.2.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0905":{"debianbug":410561,"scope":"remote","description":"PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension.  NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0907":{"debianbug":410561,"scope":"remote","description":"Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-0906":{"debianbug":410561,"scope":"remote","description":"Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.  NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885).  NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-3185":{"scope":"remote","description":"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0909":{"debianbug":410561,"scope":"remote","description":"Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-0908":{"scope":"remote","description":"The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2531":{"scope":"remote","description":"The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.","releases":{"jessie":{"fixed_version":"5.3.3-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3294":{"scope":"remote","description":"Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function.  NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0000000-A9D025":{"releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-12882":{"scope":"remote","description":"exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9120":{"scope":"remote","description":"PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1824":{"scope":"remote","description":"The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.","releases":{"jessie":{"fixed_version":"5.4.4-14","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8935":{"scope":"remote","description":"The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6113":{"scope":"remote","description":"The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.","releases":{"jessie":{"fixed_version":"5.4.0~beta2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0207":{"scope":"remote","description":"The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.","releases":{"jessie":{"fixed_version":"5.6.0~beta4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7413":{"scope":"remote","description":"Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7414":{"scope":"remote","description":"The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4885":{"scope":"remote","description":"PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7411":{"scope":"remote","description":"ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7412":{"scope":"remote","description":"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5114":{"scope":"remote","description":"sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.","releases":{"jessie":{"fixed_version":"5.6.17+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3710":{"debianbug":768806,"scope":"remote","description":"The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.","releases":{"jessie":{"fixed_version":"5.6.3+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2660":{"scope":"local","description":"Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7417":{"scope":"remote","description":"ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7418":{"scope":"remote","description":"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5116":{"scope":"remote","description":"gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-6207":{"scope":"remote","description":"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7416":{"scope":"remote","description":"ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5381":{"scope":"local","description":"** DISPUTED ** Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\\PHP directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.  NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the PHP installation.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4255":{"scope":"remote","description":"Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-4010":{"scope":"remote","description":"The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4700":{"scope":"remote","description":"The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5899":{"debianbug":453295,"scope":"remote","description":"The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7345":{"debianbug":703993,"scope":"remote","description":"The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.","releases":{"jessie":{"fixed_version":"5.6.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3668":{"scope":"remote","description":"Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.","releases":{"jessie":{"fixed_version":"5.6.2+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3669":{"scope":"remote","description":"Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.","releases":{"jessie":{"fixed_version":"5.6.2+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1860":{"scope":"remote","description":"The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2950":{"scope":"remote","description":"Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.","releases":{"jessie":{"fixed_version":"5.3.3-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1861":{"scope":"remote","description":"The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-7226":{"scope":"remote","description":"Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.5.9+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5653":{"scope":"remote","description":"The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1868":{"scope":"remote","description":"The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-14884":{"scope":"remote","description":"An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4441":{"scope":"local","description":"Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1866":{"scope":"remote","description":"The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5898":{"debianbug":453295,"scope":"remote","description":"The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12933":{"scope":"remote","description":"The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1864":{"scope":"remote","description":"The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14883":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.","releases":{"jessie":{"fixed_version":"5.6.37+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1862":{"scope":"remote","description":"The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-4598":{"scope":"remote","description":"PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8835":{"scope":"remote","description":"The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4599":{"scope":"remote","description":"The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3538":{"scope":"remote","description":"file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.","releases":{"jessie":{"fixed_version":"5.6.0~rc4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4116":{"scope":"remote","description":"Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8838":{"scope":"remote","description":"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10159":{"scope":"remote","description":"Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9933":{"debianbug":849038,"scope":"remote","description":"Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.","releases":{"jessie":{"fixed_version":"5.6.28+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10158":{"scope":"remote","description":"The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3379":{"scope":"remote","description":"The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10397":{"scope":"remote","description":"In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).","releases":{"jessie":{"fixed_version":"5.6.28+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10161":{"scope":"remote","description":"The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10160":{"scope":"remote","description":"Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2687":{"debianbug":535888,"scope":"remote","description":"The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.","releases":{"jessie":{"fixed_version":"5.2.10.dfsg.1-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1072":{"debianbug":546164,"scope":"local","description":"The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0831":{"scope":"remote","description":"PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.","releases":{"jessie":{"fixed_version":"5.3.10-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9935":{"scope":"remote","description":"The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.","releases":{"jessie":{"fixed_version":"5.6.29+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9934":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.","releases":{"jessie":{"fixed_version":"5.6.28+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0830":{"scope":"remote","description":"The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.","releases":{"jessie":{"fixed_version":"5.3.10-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1285":{"scope":"remote","description":"The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4670":{"scope":"remote","description":"Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an \"Improved fix for MOPB-03-2007,\" probably a variant of CVE-2007-1285.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2829":{"scope":"remote","description":"php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an \"rfc822.c legacy routine buffer overflow\" error message, related to the rfc822_write_address function.","releases":{"jessie":{"fixed_version":"5.2.6-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1286":{"scope":"remote","description":"Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4026":{"scope":"remote","description":"The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4147":{"scope":"remote","description":"The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a \"type confusion\" issue.","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4148":{"scope":"remote","description":"The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue.","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8866":{"scope":"remote","description":"ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8867":{"scope":"remote","description":"The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10168":{"scope":"remote","description":"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1549":{"debianbug":361854,"scope":"local","description":"PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function.  NOTE: it has been reported by a reliable third party that some later versions are also affected.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10167":{"scope":"remote","description":"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4812":{"debianbug":391586,"scope":"remote","description":"Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).","releases":{"jessie":{"fixed_version":"5.1.6-5","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4473":{"scope":"remote","description":"/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code.  NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3141":{"scope":"remote","description":"Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.","releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3142":{"scope":"remote","description":"The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location.","releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3546":{"debianbug":552534,"scope":"remote","description":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7328":{"scope":"remote","description":"Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.","releases":{"jessie":{"fixed_version":"5.5.9+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7327":{"scope":"remote","description":"The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.","releases":{"jessie":{"fixed_version":"5.5.9+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5590":{"scope":"remote","description":"Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-B391CA":{"releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-4021":{"scope":"remote","description":"The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4022":{"scope":"remote","description":"Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8865":{"debianbug":827377,"scope":"remote","description":"The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.","releases":{"jessie":{"fixed_version":"5.6.20+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3378":{"scope":"remote","description":"The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4024":{"scope":"remote","description":"Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4025":{"scope":"remote","description":"PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5589":{"scope":"remote","description":"The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3007":{"scope":"remote","description":"PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string.  NOTE: this issue might also involve the realpath function.","releases":{"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0208":{"debianbug":354682,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.","releases":{"jessie":{"fixed_version":"5.1.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4721":{"scope":"remote","description":"The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a \"type confusion\" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9637":{"scope":"remote","description":"An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4342":{"scope":"remote","description":"ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.","releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4566":{"scope":"remote","description":"Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4343":{"scope":"remote","description":"The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.","releases":{"jessie":{"fixed_version":"5.6.18+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9639":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4344":{"scope":"remote","description":"Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9638":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0207":{"debianbug":347894,"scope":"remote","description":"Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.","releases":{"jessie":{"fixed_version":"5.1.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1823":{"scope":"remote","description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.","releases":{"jessie":{"fixed_version":"5.4.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4345":{"scope":"remote","description":"Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0200":{"debianbug":347894,"scope":"remote","description":"Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.","releases":{"jessie":{"fixed_version":"5.1.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3558":{"scope":"remote","description":"The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.","releases":{"jessie":{"fixed_version":"5.2.12.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3515":{"scope":"remote","description":"The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage.","releases":{"jessie":{"fixed_version":"5.6.0~rc2+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3559":{"scope":"remote","description":"** DISPUTED **  main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory.  NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3557":{"scope":"remote","description":"The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.","releases":{"jessie":{"fixed_version":"5.2.12.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4346":{"scope":"remote","description":"Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-D591DC":{"releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-7456":{"scope":"remote","description":"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5424":{"scope":"remote","description":"The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-7272":{"scope":"remote","description":"PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.","releases":{"jessie":{"nodsa":"Never applied to PHP 5 by upstream, breaks existing applications","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-9640":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4889":{"scope":"remote","description":"The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-3799":{"debianbug":441433,"scope":"remote","description":"The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4600":{"scope":"remote","description":"The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9641":{"scope":"remote","description":"An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4601":{"scope":"remote","description":"PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4887":{"scope":"remote","description":"The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter.  NOTE: there are limited usage scenarios under which this would be a vulnerability.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4602":{"scope":"remote","description":"The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4603":{"scope":"remote","description":"The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-4604":{"debianbug":783099,"scope":"remote","description":"The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4605":{"debianbug":783099,"scope":"remote","description":"The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8117":{"debianbug":773148,"scope":"remote","description":"softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.6.4+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8116":{"debianbug":773148,"scope":"remote","description":"The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.","releases":{"jessie":{"fixed_version":"5.6.4+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2305":{"debianbug":778389,"scope":"remote","description":"Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3790":{"scope":"remote","description":"The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2787":{"scope":"remote","description":"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1376":{"scope":"remote","description":"The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2301":{"scope":"remote","description":"Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-4657":{"releases":{"jessie":{"fixed_version":"5.4.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1375":{"scope":"remote","description":"Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2783":{"scope":"remote","description":"ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5094":{"scope":"remote","description":"Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5093":{"scope":"remote","description":"The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5096":{"scope":"remote","description":"Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5095":{"scope":"remote","description":"Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1990":{"debianbug":365311,"scope":"remote","description":"Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2100":{"scope":"remote","description":"The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-2101":{"scope":"remote","description":"The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-1991":{"debianbug":365312,"scope":"remote","description":"The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0000000-5909B0":{"releases":{"jessie":{"fixed_version":"5.6.17+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2010-1130":{"scope":"remote","description":"session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).","releases":{"jessie":{"fixed_version":"5.3.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4409":{"scope":"remote","description":"Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.","releases":{"jessie":{"fixed_version":"5.3.3-6","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0231":{"scope":"remote","description":"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3436":{"scope":"remote","description":"fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.","releases":{"jessie":{"fixed_version":"5.3.3-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2225":{"scope":"remote","description":"Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3319":{"debianbug":336004,"scope":"local","description":"The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1484":{"scope":"local","description":"The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0232":{"scope":"remote","description":"The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4645":{"scope":"remote","description":"strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.","releases":{"jessie":{"fixed_version":"5.3.3-7","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2015-1351":{"debianbug":777033,"scope":"remote","description":"Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1352":{"debianbug":777036,"scope":"remote","description":"The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2051":{"scope":"remote","description":"The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to \"incomplete multibyte chars.\"","releases":{"jessie":{"fixed_version":"5.2.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6292":{"scope":"remote","description":"The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6295":{"scope":"remote","description":"ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1943":{"debianbug":738832,"scope":"remote","description":"Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.","releases":{"jessie":{"fixed_version":"5.5.10+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2050":{"scope":"remote","description":"Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.","releases":{"jessie":{"fixed_version":"5.2.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6294":{"scope":"remote","description":"The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6291":{"scope":"remote","description":"The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3883":{"debianbug":341368,"scope":"remote","description":"CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the \"To\" address argument.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-6290":{"scope":"remote","description":"ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3267":{"scope":"remote","description":"PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.3.7-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3268":{"scope":"remote","description":"Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.","releases":{"jessie":{"fixed_version":"5.3.8-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0754":{"debianbug":523049,"scope":"local","description":"PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.","releases":{"jessie":{"fixed_version":"5.2.9.dfsg.1-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9427":{"scope":"remote","description":"sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6297":{"scope":"remote","description":"Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6296":{"debianbug":832959,"scope":"remote","description":"Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9425":{"debianbug":774154,"scope":"remote","description":"Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-4662":{"scope":"remote","description":"Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4783":{"debianbug":441972,"scope":"remote","description":"The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4782":{"scope":"remote","description":"PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a \"*[1]e\" value.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.","releases":{"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4661":{"scope":"remote","description":"The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow.  NOTE: this is due to an incomplete fix for CVE-2007-2872.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4660":{"scope":"remote","description":"Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11628":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1399":{"scope":"remote","description":"Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-3412":{"scope":"remote","description":"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1396":{"scope":"remote","description":"The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact.  NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3411":{"scope":"remote","description":"PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4663":{"scope":"remote","description":"Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4784":{"debianbug":441972,"scope":"remote","description":"The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4659":{"scope":"remote","description":"The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7130":{"scope":"remote","description":"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4658":{"scope":"remote","description":"The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7131":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4657":{"scope":"remote","description":"Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.  NOTE: this affects different product versions than CVE-2007-3996.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9675":{"scope":"remote","description":"** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: \"This issue allows theoretical compromise of security, but a practical attack is usually impossible.\"","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-3205":{"scope":"remote","description":"The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed.  NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5557":{"debianbug":511493,"scope":"remote","description":"Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6289":{"scope":"remote","description":"Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7134":{"scope":"remote","description":"ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20783":{"scope":"remote","description":"In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.","releases":{"jessie":{"fixed_version":"5.6.39+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7132":{"scope":"remote","description":"ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6288":{"scope":"remote","description":"The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.","releases":{"jessie":{"fixed_version":"5.6.15+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7133":{"scope":"remote","description":"Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-F1CA5F":{"releases":{"jessie":{"fixed_version":"5.6.17+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-9653":{"debianbug":777585,"scope":"remote","description":"readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2484":{"scope":"remote","description":"The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1380":{"scope":"remote","description":"The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9652":{"scope":"remote","description":"The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1092":{"scope":"remote","description":"Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.","releases":{"jessie":{"fixed_version":"5.4.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4107":{"debianbug":500087,"scope":"remote","description":"The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1381":{"scope":"remote","description":"The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4652":{"scope":"local","description":"The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4642":{"scope":"remote","description":"The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4643":{"scope":"remote","description":"Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-3998":{"scope":"remote","description":"The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, \"\"' argument set.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4644":{"scope":"remote","description":"The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3997":{"scope":"remote","description":"The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1608":{"debianbug":361856,"scope":"local","description":"The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7127":{"scope":"remote","description":"The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-17082":{"scope":"remote","description":"The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: chunked\" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.","releases":{"jessie":{"fixed_version":"5.6.38+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0996":{"debianbug":361853,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7128":{"scope":"remote","description":"The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7125":{"scope":"remote","description":"ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7126":{"scope":"remote","description":"The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7124":{"scope":"remote","description":"ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0789":{"scope":"remote","description":"Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-0788":{"scope":"remote","description":"The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7129":{"scope":"remote","description":"The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4113":{"debianbug":717139,"scope":"remote","description":"ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.","releases":{"jessie":{"fixed_version":"5.5.0+dfsg-15","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2498":{"debianbug":323347,"scope":"remote","description":"Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.","releases":{"jessie":{"fixed_version":"5.0.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2015-2348":{"scope":"remote","description":"The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \\x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1453":{"scope":"remote","description":"Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-0781":{"scope":"remote","description":"The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1454":{"scope":"remote","description":"ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1452":{"scope":"remote","description":"The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2331":{"debianbug":780713,"scope":"remote","description":"Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0273":{"scope":"remote","description":"Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5498":{"scope":"remote","description":"Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-3353":{"debianbug":336654,"scope":"remote","description":"The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-19396":{"scope":"remote","description":"ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19395":{"scope":"remote","description":"ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM(\"WScript.Shell\").","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7479":{"scope":"remote","description":"In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6420":{"debianbug":731895,"scope":"remote","description":"The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.","releases":{"jessie":{"fixed_version":"5.5.6+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7478":{"scope":"remote","description":"Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.","releases":{"jessie":{"fixed_version":"5.6.28+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7205":{"scope":"remote","description":"The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2013-4248":{"debianbug":719765,"scope":"remote","description":"The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"jessie":{"fixed_version":"5.5.3+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3870":{"debianbug":603751,"scope":"remote","description":"The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.","releases":{"jessie":{"fixed_version":"5.3.3-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8142":{"scope":"remote","description":"Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3307":{"scope":"remote","description":"The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4070":{"debianbug":835032,"scope":"remote","description":"** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says \"Not sure if this qualifies as security issue (probably not).\"","releases":{"jessie":{"fixed_version":"5.6.20+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3211":{"scope":"local","description":"php-fpm allows local users to write to or create arbitrary files via a symlink attack.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4071":{"scope":"remote","description":"Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.","releases":{"jessie":{"fixed_version":"5.6.20+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4072":{"scope":"remote","description":"The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \\0 characters by the phar_analyze_path function in ext/phar/phar.c.","releases":{"jessie":{"fixed_version":"5.6.20+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3330":{"scope":"remote","description":"The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"","releases":{"jessie":{"fixed_version":"5.6.7+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4073":{"scope":"remote","description":"Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.","releases":{"jessie":{"fixed_version":"5.6.20+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3189":{"scope":"remote","description":"The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.","releases":{"jessie":{"fixed_version":"5.3.8-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10546":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0397":{"debianbug":573573,"scope":"remote","description":"The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.","releases":{"jessie":{"fixed_version":"5.3.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-3182":{"scope":"remote","description":"PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.","releases":{"jessie":{"fixed_version":"5.3.7-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10545":{"scope":"local","description":"An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-4153":{"scope":"remote","description":"PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10549":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\\0' character.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10548":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10547":{"scope":"remote","description":"An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000888":{"debianbug":919147,"scope":"remote","description":"PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.","releases":{"jessie":{"fixed_version":"5.6.39+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1129":{"scope":"remote","description":"The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.","releases":{"jessie":{"fixed_version":"5.3.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1128":{"scope":"remote","description":"The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.","releases":{"jessie":{"fixed_version":"5.3.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-6832":{"scope":"remote","description":"Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6831":{"scope":"remote","description":"Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6834":{"scope":"remote","description":"Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6833":{"scope":"remote","description":"Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6836":{"scope":"remote","description":"The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a \"type confusion\" in the serialize_function_call function.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7804":{"scope":"remote","description":"Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive.","releases":{"jessie":{"fixed_version":"5.6.14+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6835":{"scope":"remote","description":"The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7803":{"scope":"remote","description":"The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist.","releases":{"jessie":{"fixed_version":"5.6.14+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6838":{"scope":"remote","description":"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6837":{"scope":"remote","description":"The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5399":{"scope":"remote","description":"The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.","releases":{"jessie":{"fixed_version":"5.6.24+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2626":{"debianbug":540605,"scope":"remote","description":"The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5178":{"debianbug":391281,"scope":"local","description":"Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.","releases":{"jessie":{"fixed_version":"5.2.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-F647EF":{"releases":{"jessie":{"fixed_version":"5.0.5-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6128":{"debianbug":829062,"scope":"remote","description":"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.","releases":{"jessie":{"fixed_version":"5.6.26+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1581":{"scope":"remote","description":"The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources.  NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1460":{"scope":"remote","description":"The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3329":{"scope":"remote","description":"Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.","releases":{"jessie":{"fixed_version":"5.6.9+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-6383":{"scope":"local","description":"PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a \";\" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1582":{"scope":"remote","description":"The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1461":{"scope":"remote","description":"The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1583":{"scope":"remote","description":"The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-4850":{"scope":"remote","description":"curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \\x00 sequence, a different vulnerability than CVE-2006-2563.","releases":{"jessie":{"fixed_version":"5.2.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1413":{"scope":"remote","description":"Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1777":{"scope":"remote","description":"Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1411":{"scope":"remote","description":"Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1412":{"scope":"remote","description":"The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2748":{"scope":"remote","description":"The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0448":{"scope":"remote","description":"The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-3388":{"debianbug":336645,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a \"stacked array assignment.\"","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5624":{"debianbug":508021,"scope":"remote","description":"PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2191":{"scope":"remote","description":"The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler.  NOTE: vectors 2 through 4 are related to the call time pass by reference feature.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2509":{"scope":"remote","description":"CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1384":{"scope":"remote","description":"Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other functions for formatted strings (aka *printf functions).","releases":{"jessie":{"fixed_version":"5.2.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2190":{"scope":"remote","description":"The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-5120":{"scope":"remote","description":"gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.","releases":{"jessie":{"fixed_version":"5.4.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4017":{"scope":"remote","description":"PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-4018":{"scope":"remote","description":"The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11362":{"scope":"remote","description":"In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2554":{"scope":"remote","description":"Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive.","releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5625":{"scope":"remote","description":"PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a \"php_value error_log\" entry in a .htaccess file.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-3389":{"debianbug":336645,"scope":"remote","description":"The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1890":{"scope":"remote","description":"Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1938":{"scope":"remote","description":"Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.","releases":{"jessie":{"fixed_version":"5.3.6-13","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1887":{"debianbug":420456,"scope":"remote","description":"Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3392":{"debianbug":336645,"scope":"remote","description":"Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1521":{"scope":"remote","description":"Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1522":{"scope":"remote","description":"Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1649":{"scope":"remote","description":"PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1889":{"scope":"remote","description":"Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-7243":{"scope":"remote","description":"PHP before 5.3.4 accepts the \\0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\\0.jpg at the end of the argument to the file_exists function.","releases":{"jessie":{"fixed_version":"5.3.3-6","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-8626":{"scope":"remote","description":"Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.","releases":{"jessie":{"fixed_version":"5.2.9.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3391":{"debianbug":336645,"scope":"remote","description":"Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3390":{"debianbug":336645,"scope":"remote","description":"The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a \"GLOBALS\" fileupload field.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2108":{"scope":"remote","description":"The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6501":{"scope":"local","description":"The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-2107":{"scope":"remote","description":"The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-7584":{"scope":"remote","description":"In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.","releases":{"jessie":{"fixed_version":"5.6.36+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3293":{"scope":"remote","description":"Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect \"sanity check for the color index.\"","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3294":{"scope":"remote","description":"The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) \"e\" or (2) \"er\" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4143":{"scope":"remote","description":"PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.","releases":{"jessie":{"fixed_version":"5.2.12.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-4142":{"scope":"remote","description":"The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.","releases":{"jessie":{"fixed_version":"5.2.12.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-1883":{"scope":"remote","description":"PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-3291":{"scope":"remote","description":"The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3292":{"scope":"remote","description":"Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\"","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9024":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9023":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3660":{"scope":"remote","description":"PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.","releases":{"jessie":{"fixed_version":"5.2.6-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-9020":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9709":{"debianbug":835032,"scope":"remote","description":"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9022":{"scope":"remote","description":"An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4825":{"scope":"remote","description":"Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9021":{"scope":"remote","description":"An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.","releases":{"jessie":{"fixed_version":"5.6.40+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5844":{"scope":"remote","description":"PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2094":{"scope":"remote","description":"Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3063":{"scope":"remote","description":"The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-0931":{"debianbug":368545,"scope":"remote","description":"Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3062":{"scope":"remote","description":"mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9705":{"scope":"remote","description":"Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.","releases":{"jessie":{"fixed_version":"5.6.6+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-4150":{"scope":"remote","description":"Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.3.3-7","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2093":{"scope":"remote","description":"Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6712":{"debianbug":731112,"scope":"remote","description":"The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.","releases":{"jessie":{"fixed_version":"5.5.6+dfsg-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4156":{"debianbug":603751,"scope":"remote","description":"The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).","releases":{"jessie":{"fixed_version":"5.3.3-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2110":{"scope":"remote","description":"Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.","releases":{"jessie":{"fixed_version":"5.5.0~rc3+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3065":{"scope":"remote","description":"The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2097":{"scope":"remote","description":"The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-3064":{"scope":"remote","description":"Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-0708":{"scope":"remote","description":"exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15132":{"scope":"remote","description":"An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2511":{"scope":"local","description":"Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2311":{"debianbug":671880,"scope":"remote","description":"sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.","releases":{"jessie":{"fixed_version":"5.4.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2317":{"debianbug":581170,"scope":"remote","description":"The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2519":{"debianbug":441433,"scope":"remote","description":"Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0.  NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.","releases":{"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-5459":{"debianbug":682157,"scope":"local","description":"The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-5016":{"scope":"remote","description":"Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.","releases":{"jessie":{"fixed_version":"5.3.3-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3658":{"scope":"remote","description":"Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.","releases":{"jessie":{"fixed_version":"5.2.6-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-3659":{"scope":"remote","description":"Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function.  NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.","releases":{"jessie":{"fixed_version":"5.2.6-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-2872":{"scope":"remote","description":"Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.","releases":{"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2510":{"scope":"remote","description":"Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"/\" (slash) characters.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4154":{"scope":"remote","description":"Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2688":{"debianbug":683274,"scope":"remote","description":"Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an \"overflow.\"","releases":{"jessie":{"fixed_version":"5.4.4-4","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2329":{"scope":"remote","description":"Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.","releases":{"jessie":{"fixed_version":"5.4.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9767":{"scope":"remote","description":"Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"5.6.13+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4699":{"scope":"remote","description":"The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.","releases":{"jessie":{"fixed_version":"5.3.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4635":{"scope":"remote","description":"Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.","releases":{"jessie":{"fixed_version":"5.5.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4698":{"scope":"remote","description":"Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.","releases":{"jessie":{"fixed_version":"5.3.3-7","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4636":{"scope":"remote","description":"The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.","releases":{"jessie":{"fixed_version":"5.5.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4697":{"scope":"remote","description":"Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.","releases":{"jessie":{"fixed_version":"5.3.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-9253":{"scope":"remote","description":"An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-10712":{"scope":"remote","description":"In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a \"$uri = stream_get_meta_data(fopen($file, \"r\"))['uri']\" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.","releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2336":{"scope":"remote","description":"sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.","releases":{"jessie":{"fixed_version":"5.4.3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9138":{"scope":"remote","description":"PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.","releases":{"jessie":{"fixed_version":"5.6.28+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9137":{"scope":"remote","description":"Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.","releases":{"jessie":{"fixed_version":"5.6.27+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-EA5272":{"releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-0420":{"scope":"remote","description":"The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0421":{"scope":"remote","description":"The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4023":{"debianbug":382257,"scope":"remote","description":"The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.  NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-4020":{"debianbug":382256,"scope":"local","description":"scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5630":{"scope":"remote","description":"PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5658":{"debianbug":507857,"scope":"remote","description":"Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0755":{"scope":"remote","description":"Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.","releases":{"jessie":{"fixed_version":"5.3.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2844":{"scope":"remote","description":"PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0754":{"scope":"local","description":"The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0753":{"scope":"remote","description":"Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.","releases":{"jessie":{"fixed_version":"5.3.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-0752":{"scope":"remote","description":"The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.","releases":{"jessie":{"fixed_version":"5.3.3-7","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2727":{"scope":"remote","description":"The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2728":{"scope":"remote","description":"The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.","releases":{"jessie":{"fixed_version":"5.2.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9621":{"scope":"remote","description":"The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.","releases":{"jessie":{"fixed_version":"5.6.5+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9620":{"scope":"remote","description":"The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11145":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11147":{"scope":"remote","description":"In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.","releases":{"jessie":{"fixed_version":"5.6.30+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5465":{"debianbug":396764,"scope":"remote","description":"Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.","releases":{"jessie":{"fixed_version":"5.1.6-6","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-11142":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11144":{"scope":"remote","description":"In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11143":{"scope":"remote","description":"In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19518":{"debianbug":913775,"scope":"remote","description":"University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.","releases":{"jessie":{"fixed_version":"5.6.39+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1864":{"scope":"remote","description":"Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3054":{"debianbug":353585,"scope":"local","description":"fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.","releases":{"jessie":{"fixed_version":"5.0.5-2","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-4049":{"debianbug":751364,"scope":"remote","description":"Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.","releases":{"jessie":{"fixed_version":"5.6.0~beta4+dfsg-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3806":{"debianbug":441433,"scope":"remote","description":"The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.","releases":{"jessie":{"fixed_version":"5.2.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-4486":{"scope":"remote","description":"Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2002-1954":{"debianbug":336654,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.","releases":{"jessie":{"fixed_version":"5.1.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-4485":{"scope":"remote","description":"The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4482":{"scope":"remote","description":"Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-4483":{"scope":"remote","description":"The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4481":{"scope":"local","description":"The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings.  NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0057":{"debianbug":656308,"scope":"remote","description":"PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.","releases":{"jessie":{"fixed_version":"5.3.9-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11035":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11036":{"debianbug":928421,"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-11034":{"scope":"remote","description":"When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2014-3587":{"scope":"remote","description":"Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.","releases":{"jessie":{"fixed_version":"5.6.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2497":{"debianbug":744719,"scope":"remote","description":"The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.","releases":{"jessie":{"fixed_version":"5.6.0~rc4+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4418":{"scope":"remote","description":"The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-4670":{"scope":"local","description":"Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.","releases":{"jessie":{"fixed_version":"5.6.0~rc3+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3450":{"debianbug":683694,"scope":"remote","description":"pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.","releases":{"jessie":{"fixed_version":"5.4.4-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8879":{"scope":"remote","description":"The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8877":{"scope":"remote","description":"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8878":{"scope":"remote","description":"main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2376":{"scope":"remote","description":"Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5773":{"scope":"remote","description":"php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5772":{"scope":"remote","description":"Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3018":{"scope":"remote","description":"Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3016":{"debianbug":382259,"scope":"remote","description":"Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to \"certain characters in session names,\" including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities.  NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5771":{"scope":"remote","description":"spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3017":{"debianbug":381998,"scope":"remote","description":"zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-5770":{"scope":"remote","description":"Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14107":{"debianbug":874010,"scope":"remote","description":"The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3011":{"scope":"local","description":"The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a \"php://\" or other scheme in the third argument, which disables safe mode.","releases":{"jessie":{"fixed_version":"5.1.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-0185":{"scope":"local","description":"sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.","releases":{"jessie":{"fixed_version":"5.5.12+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-16642":{"scope":"remote","description":"In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.","releases":{"jessie":{"fixed_version":"5.6.33+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1272":{"scope":"remote","description":"The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1271":{"scope":"remote","description":"The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.","releases":{"jessie":{"fixed_version":"5.2.9.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8876":{"scope":"remote","description":"Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8994":{"scope":"remote","description":"An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (\"opcode\" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database.","releases":{"jessie":{"fixed_version":"5.6.29+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8873":{"scope":"remote","description":"Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8874":{"debianbug":824627,"scope":"remote","description":"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.","releases":{"jessie":{"fixed_version":"5.6.12+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1710":{"scope":"local","description":"The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a \"php://../../\" sequence.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1711":{"scope":"remote","description":"Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION.  NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2143":{"scope":"remote","description":"The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2386":{"scope":"remote","description":"Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.","releases":{"jessie":{"fixed_version":"5.4.4~rc1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1835":{"scope":"local","description":"PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-0988":{"scope":"remote","description":"The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an \"a:2147483649:{\" argument.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1718":{"scope":"remote","description":"CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a \"\\r\\n\\t\\n\" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-0674":{"scope":"remote","description":"Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1717":{"scope":"remote","description":"The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages.  NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-7068":{"debianbug":507101,"scope":"remote","description":"The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte.  NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0097":{"scope":"remote","description":"Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5769":{"scope":"remote","description":"Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5766":{"debianbug":829014,"scope":"remote","description":"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5768":{"scope":"remote","description":"Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5767":{"scope":"remote","description":"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.","releases":{"jessie":{"fixed_version":"5.6.23+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1171":{"scope":"remote","description":"The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-1172":{"debianbug":663760,"scope":"remote","description":"The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.","releases":{"jessie":{"fixed_version":"5.4.0-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1657":{"scope":"remote","description":"The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND.","releases":{"jessie":{"fixed_version":"5.3.7-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1700":{"scope":"remote","description":"The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3365":{"scope":"remote","description":"The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1824":{"scope":"remote","description":"Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0000000-F26C42":{"releases":{"jessie":{"fixed_version":"5.6.19+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-1701":{"scope":"remote","description":"PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with \"_SESSION|s:39:\".","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4541":{"scope":"remote","description":"The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4540":{"scope":"remote","description":"The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4543":{"scope":"remote","description":"The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4542":{"scope":"remote","description":"The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0441":{"debianbug":618489,"scope":"local","description":"The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4544":{"scope":"remote","description":"The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3670":{"scope":"remote","description":"The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.","releases":{"jessie":{"fixed_version":"5.6.2+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6039":{"debianbug":453295,"scope":"local","description":"PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function.  NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.","releases":{"jessie":{"fixed_version":"5.2.5-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3735":{"scope":"remote","description":"** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment.  NOTE: the vendor's http://php.net/security-note.php page says \"for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.\"","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1469":{"scope":"remote","description":"Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1468":{"scope":"remote","description":"Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1467":{"scope":"remote","description":"Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6977":{"debianbug":920645,"scope":"remote","description":"gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1466":{"scope":"remote","description":"Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0540606-8877D9":{"debianbug":540606,"releases":{"jessie":{"fixed_version":"5.3.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1464":{"scope":"remote","description":"Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4538":{"scope":"remote","description":"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4433":{"scope":"remote","description":"PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file.  NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4537":{"scope":"remote","description":"The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4539":{"debianbug":835032,"scope":"remote","description":"The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.","releases":{"jessie":{"fixed_version":"5.6.22+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1643":{"debianbug":702221,"scope":"remote","description":"The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.","releases":{"jessie":{"fixed_version":"5.4.4-14","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19935":{"scope":"remote","description":"ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.","releases":{"jessie":{"fixed_version":"5.6.39+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0910":{"debianbug":410561,"scope":"remote","description":"Unspecified vulnerability in PHP before 5.2.1 allows attackers to \"clobber\" certain super-global variables via unspecified vectors.","releases":{"jessie":{"fixed_version":"5.2.0-9","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-0911":{"debianbug":410561,"scope":"remote","description":"Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).","releases":{"jessie":{"fixed_version":"5.2.2-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-2665":{"scope":"remote","description":"Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.","releases":{"jessie":{"fixed_version":"5.2.6.dfsg.1-3","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1471":{"scope":"remote","description":"Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1470":{"scope":"remote","description":"The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.","releases":{"jessie":{"fixed_version":"5.3.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2202":{"scope":"remote","description":"The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a \"file path injection vulnerability.\"","releases":{"jessie":{"fixed_version":"5.3.6-12","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9912":{"scope":"remote","description":"The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.","releases":{"jessie":{"fixed_version":"5.6.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-2666":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5814":{"debianbug":523028,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.","releases":{"jessie":{"fixed_version":"5.2.11.dfsg.1-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0800564-79703B":{"debianbug":800564,"releases":{"jessie":{"nodsa":"Too intrusive to backport","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2017-7890":{"debianbug":869263,"scope":"remote","description":"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0000000-FE3BD0":{"releases":{"jessie":{"fixed_version":"5.6.17+dfsg-0+deb8u1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-4718":{"scope":"remote","description":"Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.","releases":{"jessie":{"fixed_version":"5.5.2+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1917":{"scope":"remote","description":"Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.","releases":{"jessie":{"fixed_version":"5.3.3-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1914":{"scope":"remote","description":"The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information by interrupting the handler for the (1) ZEND_BW_XOR opcode (shift_left_function), (2) ZEND_SL opcode (bitwise_xor_function), or (3) ZEND_SR opcode (shift_right_function), related to the convert_to_long_base function.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-1915":{"scope":"remote","description":"The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory.","releases":{"jessie":{"repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-4698":{"scope":"local","description":"Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.","releases":{"jessie":{"fixed_version":"5.6.0~rc3+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3487":{"scope":"remote","description":"The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2270":{"debianbug":740960,"scope":"remote","description":"softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.","releases":{"jessie":{"fixed_version":"5.5.10+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3480":{"scope":"remote","description":"The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0599":{"scope":"remote","description":"The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.","releases":{"jessie":{"fixed_version":"5.2.6-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1900":{"scope":"remote","description":"CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\\n' character, which causes a regular expression to ignore the subsequent part of the address string.","releases":{"jessie":{"fixed_version":"5.2.0-11","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3478":{"scope":"remote","description":"Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3597":{"scope":"remote","description":"Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function.  NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.","releases":{"jessie":{"fixed_version":"5.6.0+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1015":{"debianbug":368592,"scope":"remote","description":"Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments.  NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1014":{"debianbug":368592,"scope":"local","description":"Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail.  NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3479":{"scope":"remote","description":"The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.","releases":{"jessie":{"fixed_version":"5.6.0~rc1+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1494":{"debianbug":361855,"scope":"remote","description":"Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1490":{"debianbug":359904,"scope":"remote","description":"PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a \"binary safety\" issue.  NOTE: this issue has been referred to as a \"memory leak,\" but it is an information leak that discloses memory contents.","releases":{"jessie":{"fixed_version":"5.1.4-0.1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2020":{"scope":"remote","description":"ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.","releases":{"jessie":{"fixed_version":"5.5.9+dfsg-1","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1635":{"debianbug":702221,"scope":"remote","description":"ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.","releases":{"jessie":{"fixed_version":"5.4.4-14","repositories":{"jessie":"5.6.33+dfsg-0+deb8u1","jessie-security":"5.6.40+dfsg-0+deb8u2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0188":{"scope":"local","description":"lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.","releases":{"buster":{"fixed_version":"4.49.5-2","repositories":{"buster":"4.51-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.49.5-2","repositories":{"stretch":"4.51-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.49.5-2","repositories":{"jessie":"4.51-2.2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.49.5-2","repositories":{"sid":"4.51-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0214":{"scope":"local","description":"run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"3.23-1","repositories":{"buster":"3.62"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.23-1","repositories":{"stretch":"3.60"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.23-1","repositories":{"jessie":"3.58"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.23-1","repositories":{"sid":"3.62"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7209":{"scope":"remote","description":"run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.","releases":{"buster":{"fixed_version":"3.58","repositories":{"buster":"3.62"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.58","repositories":{"stretch":"3.60"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.58","repositories":{"jessie":"3.58"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.58","repositories":{"sid":"3.62"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-5065":{"debianbug":617998,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.","releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.1.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.0.1-1","repositories":{"jessie":"5.1.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2921":{"debianbug":674167,"scope":"remote","description":"Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.","releases":{"buster":{"fixed_version":"5.1.2-1","repositories":{"buster":"5.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.1.2-1","repositories":{"stretch":"5.1.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.1.2-1","repositories":{"jessie":"5.1.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.1.2-1","repositories":{"sid":"5.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1158":{"debianbug":617998,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.","releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.1.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.0.1-1","repositories":{"jessie":"5.1.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1157":{"debianbug":617998,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.","releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.1.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.0.1-1","repositories":{"jessie":"5.1.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1156":{"debianbug":617998,"scope":"remote","description":"feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.","releases":{"buster":{"fixed_version":"5.0.1-1","repositories":{"buster":"5.2.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.0.1-1","repositories":{"stretch":"5.1.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.0.1-1","repositories":{"jessie":"5.1.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.0.1-1","repositories":{"sid":"5.2.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10164":{"scope":"remote","description":"Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:3.5.12-1","repositories":{"buster":"1:3.5.12-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.5.12-1","repositories":{"stretch":"1:3.5.12-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.5.12-0+deb8u1","repositories":{"jessie":"1:3.5.12-0+deb8u1","jessie-security":"1:3.5.12-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.5.12-1","repositories":{"sid":"1:3.5.12-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9765":{"scope":"remote","description":"Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.","releases":{"buster":{"fixed_version":"2.8.48-1","repositories":{"buster":"2.8.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.8.35-4+deb9u1","repositories":{"stretch":"2.8.35-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.8.17-1+deb8u1","repositories":{"jessie":"2.8.17-1+deb8u1","jessie-security":"2.8.17-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.48-1","repositories":{"sid":"2.8.75-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7659":{"scope":"remote","description":"Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag.","releases":{"buster":{"fixed_version":"2.8.75-1","repositories":{"buster":"2.8.75-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.8.35-4+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"2.8.17-1+deb8u2","repositories":{"jessie":"2.8.17-1+deb8u1","jessie-security":"2.8.17-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.8.75-1","repositories":{"sid":"2.8.75-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4578":{"scope":"local","description":"The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"10.3~svn296373-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1004":{"scope":"remote","description":"Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4463":{"debianbug":689571,"scope":"remote","description":"Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.","releases":{"buster":{"fixed_version":"3:4.8.8-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3:4.8.8-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3:4.8.8-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3:4.8.8-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0232":{"scope":"remote","description":"Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0231":{"scope":"local","description":"Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to \"Insecure temporary file and directory creations.\"","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"buster":"3:4.8.22-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"stretch":"3:4.8.18-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"jessie":"3:4.8.13-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"sid":"3:4.8.22-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-0226":{"scope":"remote","description":"Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre1-2","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1005":{"scope":"remote","description":"Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1009":{"scope":"remote","description":"Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-1023":{"scope":"remote","description":"Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre1-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre1-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre1-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre1-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1091":{"scope":"remote","description":"Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1090":{"scope":"remote","description":"Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via \"a corrupt section header.\"","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1093":{"scope":"remote","description":"Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via \"use of already freed memory.\"","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1092":{"scope":"remote","description":"Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0763":{"scope":"local","description":"Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1176":{"scope":"remote","description":"Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1175":{"scope":"remote","description":"fish.c in midnight commander allows remote attackers to execute arbitrary programs via \"insecure filename quoting,\" possibly using shell metacharacters.","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1174":{"scope":"remote","description":"direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by \"manipulating non-existing file handles.\"","releases":{"buster":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"buster":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"stretch":"3:4.8.18-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"jessie":"3:4.8.13-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.6.0-4.6.1-pre3-1","repositories":{"sid":"3:4.8.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0071":{"scope":"local","description":"The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.0.0-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.3-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-9267":{"scope":"local","description":"Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.","releases":{"buster":{"fixed_version":"2.50-1","repositories":{"buster":"3.04-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.50-1","repositories":{"stretch":"2.51-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.46-10+deb8u1","repositories":{"jessie":"2.46-10","jessie-security":"2.46-10+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.50-1","repositories":{"sid":"3.04-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-9268":{"scope":"remote","description":"Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.","releases":{"buster":{"fixed_version":"2.50-1","repositories":{"buster":"3.04-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.50-1","repositories":{"stretch":"2.51-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.46-10+deb8u1","repositories":{"jessie":"2.46-10","jessie-security":"2.46-10+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.50-1","repositories":{"sid":"3.04-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3251":{"debianbug":376444,"scope":"remote","description":"Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.","releases":{"buster":{"fixed_version":"1.21","repositories":{"buster":"1.21-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.21","repositories":{"stretch":"1.21-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.21","repositories":{"jessie":"1.21-1.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.21","repositories":{"sid":"1.21-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0687":{"scope":"remote","description":"Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.","releases":{"buster":{"fixed_version":"1.17-1","repositories":{"buster":"1.21-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.17-1","repositories":{"stretch":"1.21-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.17-1","repositories":{"jessie":"1.21-1.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.17-1","repositories":{"sid":"1.21-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-8355":{"debianbug":927906,"scope":"remote","description":"An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.","releases":{"buster":{"fixed_version":"14.4.2+git20190427-1","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"14.4.2+git20190427-1","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8354":{"debianbug":927906,"scope":"remote","description":"An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"14.4.2+git20190427-1","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"14.4.2+git20190427-1","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0557":{"debianbug":262083,"scope":"remote","description":"Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.","releases":{"buster":{"fixed_version":"12.17.4-9","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"12.17.4-9","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"12.17.4-9","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"12.17.4-9","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-18189":{"debianbug":881121,"scope":"remote","description":"In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u2","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15372":{"debianbug":878808,"scope":"remote","description":"There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u2","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8357":{"debianbug":927906,"scope":"remote","description":"An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.","releases":{"buster":{"fixed_version":"14.4.2+git20190427-1","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"low","status":"resolved"},"stretch":{"repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"low","status":"open"},"jessie":{"repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"low","status":"open"},"sid":{"fixed_version":"14.4.2+git20190427-1","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15371":{"debianbug":878809,"scope":"remote","description":"There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u3","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8356":{"debianbug":927906,"scope":"remote","description":"An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.","releases":{"buster":{"fixed_version":"14.4.2+git20190427-1","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","status":"open"},"jessie":{"repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"14.4.2+git20190427-1","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15370":{"debianbug":878810,"scope":"remote","description":"There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u2","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11332":{"debianbug":870328,"scope":"remote","description":"The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u3","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15642":{"debianbug":882144,"scope":"remote","description":"In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u2","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8145":{"debianbug":773720,"scope":"remote","description":"Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"14.4.1-5+deb9u1","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"14.4.1-5+deb8u1","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11359":{"debianbug":870328,"scope":"remote","description":"The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u3","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11358":{"debianbug":870328,"scope":"remote","description":"The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.","releases":{"buster":{"fixed_version":"14.4.2-2","repositories":{"buster":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"14.4.1-5+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"14.4.1-5+deb8u3","repositories":{"jessie":"14.4.1-5","jessie-security":"14.4.1-5+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.4.2-2","repositories":{"sid":"14.4.2+git20190427-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0212":{"scope":"remote","description":"handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.","releases":{"buster":{"fixed_version":"0.61-2","repositories":{"buster":"0.62.1sam-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.61-2","repositories":{"stretch":"0.62.1sam-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.61-2","repositories":{"jessie":"0.62-5.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.61-2","repositories":{"sid":"0.62.1sam-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2091":{"debianbug":578663,"scope":"remote","description":"The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when \"GnuTLSClientVerify require\" is set, which allows remote attackers to spoof clients via a crafted certificate.","releases":{"buster":{"fixed_version":"0.6-1.3","repositories":{"buster":"0.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6-1.3","repositories":{"stretch":"0.8.2-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6-1.3","repositories":{"sid":"0.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-5144":{"debianbug":578663,"scope":"remote","description":"mod-gnutls does not validate client certificates when \"GnuTLSClientVerify require\" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.","releases":{"buster":{"fixed_version":"0.5.6-1","repositories":{"buster":"0.9.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5.6-1","repositories":{"stretch":"0.8.2-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5.6-1","repositories":{"sid":"0.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0658":{"scope":"local","description":"OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.","releases":{"buster":{"fixed_version":"1.1.3-7","repositories":{"buster":"1.4.2-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.3-7","repositories":{"stretch":"1.4.2-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.3-7","repositories":{"jessie":"1.4.2-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.3-7","repositories":{"sid":"1.4.2-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9765":{"debianbug":814067,"scope":"remote","description":"Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.","releases":{"buster":{"fixed_version":"3.0.8-dfsg-1.1","repositories":{"buster":"3.0.11-dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.8-dfsg-1.1","repositories":{"stretch":"3.0.11-dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.8-dfsg-1+deb8u1","repositories":{"jessie":"3.0.8-dfsg-1+deb8u1","jessie-security":"3.0.8-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.8-dfsg-1.1","repositories":{"sid":"3.0.11-dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-1000026":{"debianbug":868572,"scope":"remote","description":"Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using \"..\" in tar archive entries","releases":{"buster":{"fixed_version":"0.4.1-1","repositories":{"buster":"0.4.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.2.0-1+deb9u1","repositories":{"stretch-security":"0.2.0-1+deb9u1","stretch":"0.2.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4.1-1","repositories":{"sid":"0.4.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7032":{"debianbug":840014,"scope":"remote","description":"webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an \"ext::sh -c\" attack or an option injection attack.","releases":{"jessie":{"fixed_version":"1.16","repositories":{"jessie":"1.16"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1569":{"scope":"local","description":"policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.","releases":{"buster":{"fixed_version":"0.1.14.17-1","repositories":{"buster":"0.1.15.2-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.14.17-1","repositories":{"stretch":"0.1.15.2-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.14.17-1","repositories":{"jessie":"0.1.15.2-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.14.17-1","repositories":{"sid":"0.1.15.2-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1570":{"scope":"local","description":"Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs.  NOTE: this is due to an incomplete fix for CVE-2008-1569.","releases":{"buster":{"fixed_version":"0.1.14.17-1","repositories":{"buster":"0.1.15.2-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.14.17-1","repositories":{"stretch":"0.1.15.2-12"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.14.17-1","repositories":{"jessie":"0.1.15.2-10"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.14.17-1","repositories":{"sid":"0.1.15.2-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-7653":{"debianbug":921751,"scope":"remote","description":"The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because \"python -m\" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.","releases":{"buster":{"fixed_version":"4.2.2-2","repositories":{"buster":"4.2.2-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.2.1-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"4.1.2-3+deb8u1","repositories":{"jessie":"4.1.2-3","jessie-security":"4.1.2-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.2-2","repositories":{"sid":"4.2.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1175":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.","releases":{"stretch":{"repositories":{"stretch":"2.6.2-6.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.2-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-4791":{"debianbug":451548,"scope":"local","description":"Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.","releases":{"stretch":{"fixed_version":"0.11.2+dfsg-1","repositories":{"stretch":"2.6.2-6.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.11.2+dfsg-1","repositories":{"jessie":"2.6.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3998":{"debianbug":605095,"scope":"local","description":"The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.  NOTE: Banshee might also be affected using GST_PLUGIN_PATH.","releases":{"stretch":{"fixed_version":"1.6.1-1.1","repositories":{"stretch":"2.6.2-6.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.1-1.1","repositories":{"jessie":"2.6.2-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3291":{"scope":"local","description":"Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.8.4.h-3.2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.8.4.h-3.2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.8.4.h-3.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.8.4.h-3.2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8614":{"scope":"remote","description":"Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.","releases":{"buster":{"fixed_version":"1.7.4-6","repositories":{"buster":"1.7.4-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7.4-6","repositories":{"stretch":"1.7.4-6"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.7.4-5"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.7.4-6","repositories":{"sid":"1.7.4-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8708":{"debianbug":811048,"scope":"remote","description":"Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.7.4-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.7.4-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.4-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.7.4-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11461":{"debianbug":928054,"scope":"local","description":"An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.","releases":{"buster":{"repositories":{"buster":"3.30.5-1"},"urgency":"medium**","status":"open"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.22.3-1+deb9u1","stretch":"3.22.3-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.14.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"3.30.5-1"},"urgency":"medium**","status":"open"}}}}
{"TEMP-0515104-609AB4":{"debianbug":515104,"releases":{"buster":{"fixed_version":"2.26.2-1","repositories":{"buster":"3.30.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.26.2-1","repositories":{"stretch-security":"3.22.3-1+deb9u1","stretch":"3.22.3-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.26.2-1","repositories":{"jessie":"3.14.1-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.26.2-1","repositories":{"sid":"3.30.5-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-BC4C2F":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.30.5-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.22.3-1+deb9u1","stretch":"3.22.3-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.14.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.30.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14604":{"debianbug":860268,"scope":"remote","description":"GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.","releases":{"buster":{"fixed_version":"3.25.90-1","repositories":{"buster":"3.30.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.22.3-1+deb9u1","repositories":{"stretch-security":"3.22.3-1+deb9u1","stretch":"3.22.3-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, issue mitigated because does not silently decompress tarballs","repositories":{"jessie":"3.14.1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.25.90-1","repositories":{"sid":"3.30.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2228":{"debianbug":813573,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.","releases":{"buster":{"fixed_version":"5.2.9+debian0-1","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.9+debian0-1","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1+debian0-2+deb8u3","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.9+debian0-1","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0785364-25992B":{"debianbug":785364,"releases":{"buster":{"fixed_version":"5.2.5+debian0-1","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.2.5+debian0-1","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"5.2.1+debian0-2+deb8u1","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"5.2.5+debian0-1","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-16907":{"debianbug":909739,"scope":"remote","description":"In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.","releases":{"buster":{"fixed_version":"5.2.18+debian0-1","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"5.2.1+debian0-2+deb8u4","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.2.18+debian0-1","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6365":{"debianbug":730110,"releases":{"buster":{"fixed_version":"5.1.5+debian0-1","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.1.5+debian0-1","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"5.1.5+debian0-1","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"5.1.5+debian0-1","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-6364":{"debianbug":730979,"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1090":{"scope":"local","description":"The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7984":{"debianbug":803641,"scope":"remote","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.","releases":{"buster":{"fixed_version":"5.2.8+debian0-1","repositories":{"buster":"5.2.20+debian0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.8+debian0-1","repositories":{"stretch":"5.2.13+debian0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1+debian0-2+deb8u2","repositories":{"jessie":"5.2.1+debian0-2+deb8u3","jessie-security":"5.2.1+debian0-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.8+debian0-1","repositories":{"sid":"5.2.20+debian0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6620":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.2.25-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch":"4.2.19-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.2-1","repositories":{"jessie":"4.2.2-4","jessie-security":"4.2.2-4+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.2.25-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16906":{"debianbug":909737,"scope":"remote","description":"In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a \"Calendar -> New Event\" action.","releases":{"buster":{"fixed_version":"4.2.24-1","repositories":{"buster":"4.2.25-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.2.19-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"4.2.2-4+deb8u1","repositories":{"jessie":"4.2.2-4","jessie-security":"4.2.2-4+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.2.24-1","repositories":{"sid":"4.2.25-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-16908":{"debianbug":909738,"scope":"remote","description":"In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.","releases":{"buster":{"fixed_version":"4.2.24-1","repositories":{"buster":"4.2.25-1"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"4.2.19-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.2.2-4","jessie-security":"4.2.2-4+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.2.24-1","repositories":{"sid":"4.2.25-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6365":{"debianbug":730110,"releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.2.25-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch":"4.2.19-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.2.2-4","jessie-security":"4.2.2-4+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.2.25-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-1000420":{"scope":"remote","description":"Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite","releases":{"buster":{"fixed_version":"0.14.36+ds1-1","repositories":{"buster":"1.0.0~ds1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.14.18+dfsg1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.14.36+ds1-1","repositories":{"sid":"1.0.0~ds1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3671":{"debianbug":379060,"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.","releases":{"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.4.13-14"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.3-1","repositories":{"jessie":"1.4.13-13"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0014":{"scope":"remote","description":"Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.8.2-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.2-1","repositories":{"stretch":"0.8.2-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.2-1","repositories":{"jessie":"0.8.2-7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.8.2-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12559":{"debianbug":901798,"scope":"remote","description":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.","releases":{"buster":{"fixed_version":"2.3.0.ds1-2","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.3.0.ds1-2","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7301":{"scope":"remote","description":"Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7300":{"scope":"remote","description":"Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server.  NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12560":{"debianbug":901798,"scope":"remote","description":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.","releases":{"buster":{"fixed_version":"2.3.0.ds1-2","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.3.0.ds1-2","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12561":{"debianbug":901798,"scope":"remote","description":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.","releases":{"buster":{"fixed_version":"2.3.0.ds1-2","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.3.0.ds1-2","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12562":{"debianbug":901798,"scope":"remote","description":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).","releases":{"buster":{"fixed_version":"2.3.0.ds1-2","repositories":{"buster":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.0.1.ds1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.2.ds1-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.3.0.ds1-2","repositories":{"sid":"2.3.3.ds1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9485":{"debianbug":924447,"releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19585":{"scope":"local","description":"GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.","releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19584":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5158":{"debianbug":926482,"scope":"remote","description":"The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19583":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19582":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19581":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19580":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-9469":{"debianbug":847157,"scope":"remote","description":"Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.","releases":{"sid":{"fixed_version":"8.13.6+dfsg2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0900522-298D01":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10109":{"debianbug":926482,"scope":"remote","description":"An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10108":{"scope":"remote","description":"An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14606":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.","releases":{"sid":{"fixed_version":"10.8.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-14603":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.","releases":{"sid":{"fixed_version":"10.8.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0900522-27F98D":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-14602":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.","releases":{"sid":{"fixed_version":"10.8.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8778":{"scope":"remote","description":"GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14605":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.","releases":{"sid":{"fixed_version":"10.8.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-14604":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.","releases":{"sid":{"fixed_version":"10.8.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18649":{"scope":"remote","description":"An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18648":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18647":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14601":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18646":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.","releases":{"sid":{"fixed_version":"11.2.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19856":{"scope":"remote","description":"GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API.","releases":{"sid":{"fixed_version":"11.5.4+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18645":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.","releases":{"sid":{"fixed_version":"11.2.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-077068":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-18644":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19579":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18643":{"scope":"remote","description":"GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19578":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18642":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0900522-A18AAE":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19577":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17452":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17453":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6781":{"debianbug":921059,"scope":"local","description":"An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.","releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17450":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-7353":{"scope":"local","description":"An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6782":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17451":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10110":{"debianbug":926482,"scope":"remote","description":"An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The \"move issue\" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10112":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10111":{"debianbug":926482,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request \"resolve conflicts\" page.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-9890":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6787":{"debianbug":921059,"scope":"local","description":"An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.","releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10114":{"scope":"remote","description":"An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication process, the application attempts to validate a parameter in an insecure way, potentially exposing data.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6788":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10113":{"debianbug":926482,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6789":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10116":{"debianbug":926482,"scope":"remote","description":"An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10115":{"debianbug":926482,"scope":"remote","description":"An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6783":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0900522-4405E2":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6784":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-10117":{"scope":"remote","description":"An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6785":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6786":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0902726-3BBE24":{"debianbug":902726,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-10379":{"scope":"remote","description":"An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.","releases":{"sid":{"fixed_version":"10.6.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7316":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-9243":{"debianbug":894869,"scope":"remote","description":"GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.","releases":{"sid":{"fixed_version":"10.6.3+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-9244":{"debianbug":894868,"scope":"remote","description":"GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7.","releases":{"sid":{"fixed_version":"10.6.3+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17449":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6790":{"debianbug":921059,"scope":"local","description":"An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.","releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6791":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6792":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6793":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16051":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0900522-7DE480":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-16050":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6794":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6795":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6796":{"debianbug":921059,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2).","releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4490":{"scope":"remote","description":"The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6797":{"scope":"local","description":"An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17939":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17537":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-17536":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-16048":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16049":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8801":{"debianbug":893905,"scope":"remote","description":"GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.","releases":{"sid":{"fixed_version":"10.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18641":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.","releases":{"sid":{"fixed_version":"11.2.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19576":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-18640":{"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.","releases":{"sid":{"fixed_version":"11.2.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19575":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19574":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19573":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19572":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19571":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19570":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-11545":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11546":{"debianbug":928221,"releases":{"sid":{"fixed_version":"11.8.9+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-11544":{"debianbug":928221,"releases":{"sid":{"fixed_version":"11.8.9+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-11549":{"debianbug":928221,"releases":{"sid":{"fixed_version":"11.8.9+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6960":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-11547":{"debianbug":928221,"releases":{"sid":{"fixed_version":"11.8.9+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20144":{"scope":"remote","description":"GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control.","releases":{"sid":{"fixed_version":"11.5.4+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11548":{"debianbug":928221,"releases":{"sid":{"fixed_version":"11.8.9+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-17716":{"scope":"remote","description":"GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4546":{"scope":"remote","description":"The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19569":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-12426":{"debianbug":872190,"scope":"remote","description":"GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.","releases":{"sid":{"fixed_version":"9.5.4+dfsg-7","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20499":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20498":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-DE2DCD":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20491":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20490":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20493":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20492":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20495":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20494":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20497":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-5883":{"scope":"local","description":"An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.","releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20496":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9170":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9172":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 2 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9171":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14364":{"debianbug":904026,"scope":"remote","description":"GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.","releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18843":{"scope":"remote","description":"The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20488":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9178":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7155":{"debianbug":921059,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control.","releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20489":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9179":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15472":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9174":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11000":{"scope":"remote","description":"An issue was discovered in GitLab Enterprise Edition before 11.7.11, 11.8.x before 11.8.7, and 11.9.x before 11.9.7. It allows Information Disclosure.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9176":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0894867-E5064B":{"debianbug":894867,"releases":{"sid":{"fixed_version":"10.6.3+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9175":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9219":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 2 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9217":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4489":{"scope":"remote","description":"The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8540":{"scope":"remote","description":"The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11438":{"scope":"remote","description":"GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11437":{"scope":"remote","description":"GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9222":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9221":{"debianbug":924447,"releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0914":{"scope":"remote","description":"Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9224":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9086":{"debianbug":843519,"scope":"remote","description":"GitLab versions 8.9.x and above contain a critical security flaw in the \"import/export project\" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.","releases":{"sid":{"fixed_version":"8.13.3+dfsg1-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0915":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9223":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0916":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0917":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9220":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0918":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10640":{"debianbug":926482,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.","releases":{"sid":{"fixed_version":"11.8.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0919":{"scope":"remote","description":"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6996":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6997":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-9225":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9866":{"debianbug":925196,"releases":{"sid":{"fixed_version":"11.8.3-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6995":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-12605":{"debianbug":902726,"scope":"remote","description":"An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.","releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12606":{"debianbug":902726,"scope":"remote","description":"An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.","releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12607":{"debianbug":902726,"scope":"remote","description":"An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.","releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-17975":{"scope":"remote","description":"An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17976":{"scope":"remote","description":"An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.","releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19359":{"debianbug":914166,"scope":"remote","description":"GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.","releases":{"sid":{"fixed_version":"11.3.10+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17454":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-3710":{"debianbug":888508,"scope":"remote","description":"Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17455":{"releases":{"sid":{"fixed_version":"11.1.8+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0902726-51ACFE":{"debianbug":902726,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-6240":{"debianbug":919822,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.","releases":{"sid":{"fixed_version":"11.5.7+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0923":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7176":{"debianbug":921059,"releases":{"sid":{"fixed_version":"11.5.10+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0924":{"scope":"remote","description":"Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0925":{"debianbug":888508,"scope":"remote","description":"Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0900522-3AD97C":{"debianbug":900522,"releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20501":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0926":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20500":{"debianbug":918086,"scope":"local","description":"An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.","releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19496":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0927":{"debianbug":888508,"scope":"remote","description":"Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19495":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19494":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-19493":{"releases":{"sid":{"fixed_version":"11.3.11+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-20229":{"scope":"remote","description":"GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal.","releases":{"sid":{"fixed_version":"11.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4583":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0882":{"debianbug":858410,"scope":"remote","description":"Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.","releases":{"sid":{"fixed_version":"8.13.11+dfsg-7","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4581":{"scope":"remote","description":"GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4582":{"releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4580":{"scope":"remote","description":"GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0920":{"scope":"remote","description":"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9756":{"debianbug":924447,"scope":"remote","description":"An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.","releases":{"sid":{"fixed_version":"11.8.2-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0921":{"debianbug":900522,"scope":"remote","description":"GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.","releases":{"sid":{"fixed_version":"10.7.7+dfsg-2","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4340":{"debianbug":823290,"scope":"remote","description":"The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to \"log in\" as any other user via unspecified vectors.","releases":{"sid":{"fixed_version":"8.8.2+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0922":{"scope":"remote","description":"Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object.","releases":{"sid":{"fixed_version":"10.5.5+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20507":{"debianbug":918086,"releases":{"sid":{"fixed_version":"11.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-8971":{"debianbug":893905,"scope":"remote","description":"The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.","releases":{"sid":{"fixed_version":"10.5.6+dfsg-1","repositories":{"sid":"11.8.9+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5940":{"scope":"local","description":"Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.","releases":{"buster":{"fixed_version":"0.9.44.6-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.44.6-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.44.6-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10119":{"scope":"local","description":"Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.","releases":{"buster":{"fixed_version":"0.9.38-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.38-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.38-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10118":{"scope":"local","description":"Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.","releases":{"buster":{"fixed_version":"0.9.44.2-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.44.2-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.44.2-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10117":{"scope":"local","description":"Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.","releases":{"buster":{"fixed_version":"0.9.38-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.38-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.38-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5180":{"debianbug":850160,"scope":"local","description":"Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.","releases":{"buster":{"fixed_version":"0.9.44.2-3","repositories":{"buster":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.44.2-3","repositories":{"stretch":"0.9.44.8-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.44.2-3","repositories":{"sid":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5207":{"debianbug":850528,"scope":"local","description":"Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.","releases":{"buster":{"fixed_version":"0.9.44.4-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.44.4-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.44.4-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5206":{"debianbug":850558,"scope":"remote","description":"Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.","releases":{"buster":{"fixed_version":"0.9.44.4-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.44.4-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.44.4-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10123":{"scope":"local","description":"Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.","releases":{"buster":{"fixed_version":"0.9.38-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.38-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.38-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9016":{"scope":"local","description":"Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.","releases":{"buster":{"fixed_version":"0.9.44-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.44-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.44-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10122":{"scope":"local","description":"Firejail does not properly clean environment variables, which allows local users to gain privileges.","releases":{"buster":{"fixed_version":"0.9.44.2-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.44.2-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.44.2-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10121":{"scope":"local","description":"Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.","releases":{"buster":{"fixed_version":"0.9.38-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.38-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.38-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10120":{"scope":"local","description":"Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.","releases":{"buster":{"fixed_version":"0.9.38-1","repositories":{"buster":"0.9.58.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.38-1","repositories":{"stretch":"0.9.44.8-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.38-1","repositories":{"sid":"0.9.58.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-6552":{"scope":"local","description":"Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.","releases":{"jessie":{"fixed_version":"2.20081102-1","repositories":{"jessie":"3.1.8-1.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4579":{"debianbug":496410,"scope":"local","description":"The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.","releases":{"jessie":{"fixed_version":"2.20081102-1","repositories":{"jessie":"3.1.8-1.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3374":{"scope":"local","description":"Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.1.8-1.2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4192":{"debianbug":496410,"scope":"local","description":"The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.","releases":{"jessie":{"fixed_version":"2.20081102-1","repositories":{"jessie":"3.1.8-1.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3373":{"scope":"remote","description":"daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.1.8-1.2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-6560":{"scope":"remote","description":"Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines.  NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product.","releases":{"jessie":{"fixed_version":"2.20081102-1","repositories":{"jessie":"3.1.8-1.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4580":{"debianbug":496410,"scope":"local","description":"fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.","releases":{"jessie":{"fixed_version":"2.20080801-1","repositories":{"jessie":"3.1.8-1.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5846":{"scope":"remote","description":"The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.10.19-2.1"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-5847":{"scope":"remote","description":"The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.10.19-2.1"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2013-6428":{"debianbug":732033,"scope":"remote","description":"The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.","releases":{"buster":{"fixed_version":"2013.2.1-1","repositories":{"buster":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2013.2.1-1","repositories":{"stretch":"1:7.0.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2013.2.1-1","repositories":{"jessie":"2014.1.3-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2013.2.1-1","repositories":{"sid":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9185":{"debianbug":843232,"scope":"remote","description":"In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.","releases":{"buster":{"fixed_version":"1:7.0.0-2","repositories":{"buster":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.0.0-2","repositories":{"stretch":"1:7.0.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2014.1.3-7"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:7.0.0-2","repositories":{"sid":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6426":{"debianbug":732033,"scope":"remote","description":"The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.","releases":{"buster":{"fixed_version":"2013.2.1-1","repositories":{"buster":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2013.2.1-1","repositories":{"stretch":"1:7.0.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2013.2.1-1","repositories":{"jessie":"2014.1.3-7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2013.2.1-1","repositories":{"sid":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2621":{"scope":"local","description":"An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:11.0.0-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:7.0.0-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2014.1.3-7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:11.0.0-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5295":{"scope":"remote","description":"The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.","releases":{"buster":{"fixed_version":"1:6.0.0~rc3-1","repositories":{"buster":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:6.0.0~rc3-1","repositories":{"stretch":"1:7.0.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2014.1.3-7"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:6.0.0~rc3-1","repositories":{"sid":"1:11.0.0-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3801":{"debianbug":748824,"scope":"remote","description":"OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.","releases":{"buster":{"fixed_version":"2014.1-4","repositories":{"buster":"1:11.0.0-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2014.1-4","repositories":{"stretch":"1:7.0.0-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2014.1-4","repositories":{"jessie":"2014.1.3-7"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2014.1-4","repositories":{"sid":"1:11.0.0-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2002-1788":{"scope":"remote","description":"Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.","releases":{"buster":{"fixed_version":"6.6.4-1","repositories":{"buster":"6.7.3-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.6.4-1","repositories":{"stretch":"6.7.3-10"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"6.6.4-1","repositories":{"jessie":"6.7.3-8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.6.4-1","repositories":{"sid":"6.7.3-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3791":{"debianbug":495968,"scope":"local","description":"src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.","releases":{"buster":{"fixed_version":"0.1.9-2","repositories":{"buster":"0.2.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.9-2","repositories":{"stretch":"0.2.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.9-2","repositories":{"jessie":"0.2.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.9-2","repositories":{"sid":"0.2.5-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0497005-A51CB0":{"debianbug":497005,"releases":{"buster":{"fixed_version":"0.1.10-1","repositories":{"buster":"0.2.5-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.1.10-1","repositories":{"stretch":"0.2.5-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.1.10-1","repositories":{"jessie":"0.2.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.1.10-1","repositories":{"sid":"0.2.5-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3904":{"debianbug":498022,"scope":"remote","description":"src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.","releases":{"buster":{"fixed_version":"0.1.9-2","repositories":{"buster":"0.2.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.9-2","repositories":{"stretch":"0.2.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.9-2","repositories":{"jessie":"0.2.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.9-2","repositories":{"sid":"0.2.5-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0497005-8CD734":{"debianbug":497005,"releases":{"buster":{"fixed_version":"0.1.10-1","repositories":{"buster":"0.2.5-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.1.10-1","repositories":{"stretch":"0.2.5-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.1.10-1","repositories":{"jessie":"0.2.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.1.10-1","repositories":{"sid":"0.2.5-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5630":{"scope":"remote","description":"PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.","releases":{"buster":{"repositories":{"buster":"1:1.10.6+submodules+notgz-1.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:1.10.1+submodules+notgz-9+deb9u1","stretch":"1:1.10.1+submodules+notgz-9+deb9u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:1.10.6+submodules+notgz-1.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-1000888":{"debianbug":919147,"scope":"remote","description":"PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.","releases":{"buster":{"fixed_version":"1:1.10.6+submodules+notgz-1.1","repositories":{"buster":"1:1.10.6+submodules+notgz-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.1+submodules+notgz-9+deb9u1","repositories":{"stretch-security":"1:1.10.1+submodules+notgz-9+deb9u1","stretch":"1:1.10.1+submodules+notgz-9+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.10.6+submodules+notgz-1.1","repositories":{"sid":"1:1.10.6+submodules+notgz-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5565":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Horde Internet Mail Program (IMP) before 5.0.24, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted name for an attached file, related to the dynamic view.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"6.2.22-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"6.2.17-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"6.2.2-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.2.22-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4946":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.","releases":{"buster":{"fixed_version":"6.2.0-1","repositories":{"buster":"6.2.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.2.0-1","repositories":{"stretch":"6.2.17-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.2.0-1","repositories":{"jessie":"6.2.2-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.2.0-1","repositories":{"sid":"6.2.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4945":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.","releases":{"buster":{"fixed_version":"6.2.0-1","repositories":{"buster":"6.2.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.2.0-1","repositories":{"stretch":"6.2.17-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.2.0-1","repositories":{"jessie":"6.2.2-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.2.0-1","repositories":{"sid":"6.2.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6640":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.","releases":{"buster":{"fixed_version":"5.0.22","repositories":{"buster":"6.2.22-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.22","repositories":{"stretch":"6.2.17-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.0.22","repositories":{"jessie":"6.2.2-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.22","repositories":{"sid":"6.2.22-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0678512-2E167C":{"debianbug":678512,"releases":{"buster":{"fixed_version":"1.0.7-1","repositories":{"buster":"1.0.7-4.2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.7-1","repositories":{"stretch":"1.0.7-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.0.3-6+deb8u1","repositories":{"jessie":"1.0.3-6+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0.7-1","repositories":{"sid":"1.0.7-4.2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-7542":{"debianbug":748955,"releases":{"buster":{"fixed_version":"4.12.0beta-3","repositories":{"buster":"4.20.0-9"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.12.0beta-3","repositories":{"stretch":"4.15.3-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.12.0beta-3","repositories":{"jessie":"4.12.0beta-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.12.0beta-3","repositories":{"sid":"4.20.0-9"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-0486":{"scope":"remote","description":"Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"3.0.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.0-4+deb9u1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-2+deb8u2","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"3.0.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3474":{"scope":"remote","description":"OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.","releases":{"buster":{"fixed_version":"1.2.2-1","repositories":{"buster":"3.0.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-1","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-1","repositories":{"sid":"3.0.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3475":{"scope":"remote","description":"Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"1.2.2-1","repositories":{"buster":"3.0.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-1","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-1","repositories":{"sid":"3.0.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3476":{"scope":"remote","description":"Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.","releases":{"buster":{"fixed_version":"1.2.2-1","repositories":{"buster":"3.0.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-1","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-1","repositories":{"sid":"3.0.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0851":{"debianbug":793855,"scope":"remote","description":"XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.","releases":{"buster":{"fixed_version":"1.5.6-1","repositories":{"buster":"3.0.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.6-1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-2+deb8u1","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.6-1","repositories":{"sid":"3.0.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9628":{"debianbug":924346,"scope":"remote","description":"The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.","releases":{"buster":{"fixed_version":"3.0.4-1","repositories":{"buster":"3.0.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.0-4+deb9u2","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-2+deb8u4","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.4-1","repositories":{"sid":"3.0.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0489":{"scope":"remote","description":"Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.","releases":{"buster":{"fixed_version":"1.6.4-1","repositories":{"buster":"3.0.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.0-4+deb9u1","repositories":{"stretch-security":"1.6.0-4+deb9u2","stretch":"1.6.0-4+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-2+deb8u3","repositories":{"jessie":"1.5.3-2+deb8u3","jessie-security":"1.5.3-2+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4-1","repositories":{"sid":"3.0.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1485":{"scope":"remote","description":"Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.17-22"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.17-18"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.17-18"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.17-22"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1500":{"scope":"local","description":"PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.","releases":{"buster":{"fixed_version":"0.3.8-1","repositories":{"buster":"1.1.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.3.8-1","repositories":{"stretch":"1.1.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.3.8-1","repositories":{"jessie":"0.3.17-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.3.8-1","repositories":{"sid":"1.1.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4817":{"releases":{"buster":{"fixed_version":"0.3.5-1","repositories":{"buster":"1.1.2-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.3.5-1","repositories":{"stretch":"1.1.2-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.3.5-1","repositories":{"jessie":"0.3.17-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.3.5-1","repositories":{"sid":"1.1.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1080":{"debianbug":893690,"scope":"remote","description":"Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.","releases":{"sid":{"fixed_version":"10.6.6-1","repositories":{"sid":"10.6.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7537":{"debianbug":869261,"scope":"remote","description":"It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.","releases":{"sid":{"fixed_version":"10.3.5+12-5","repositories":{"sid":"10.6.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0234":{"scope":"remote","description":"Multiple temporary file creation vulnerabilities in pki-core 10.2.0.","releases":{"sid":{"repositories":{"sid":"10.6.8-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-6764":{"debianbug":889839,"scope":"local","description":"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.","releases":{"buster":{"fixed_version":"4.0.0-2","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-4+deb9u3","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.0.0-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10746":{"scope":"remote","description":"libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-9+deb8u6","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4423":{"debianbug":687598,"scope":"remote","description":"The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a \"gap\" in the RPC dispatch table.","releases":{"buster":{"fixed_version":"0.9.12-5","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.12-5","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.12-5","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.12-5","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4154":{"debianbug":717355,"scope":"remote","description":"The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \"agent based cpu (un)plug,\" as demonstrated by the \"virsh vcpucount foobar --guest\" command.","releases":{"buster":{"fixed_version":"1.1.0-4","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0-4","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.0-4","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.0-4","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4153":{"debianbug":717354,"scope":"remote","description":"Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the \"virsh vcpucount dom --guest\" command.","releases":{"buster":{"fixed_version":"1.1.0-4","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0-4","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.0-4","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0-4","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2635":{"debianbug":856313,"scope":"remote","description":"A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.","releases":{"buster":{"fixed_version":"3.0.0-3","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.0-3","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2511":{"debianbug":633630,"scope":"remote","description":"Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.","releases":{"buster":{"fixed_version":"0.9.2-7","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.2-7","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.2-7","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.2-7","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1146":{"debianbug":617773,"scope":"local","description":"libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.","releases":{"buster":{"fixed_version":"0.8.8-3","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.8-3","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.8-3","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.8-3","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1447":{"debianbug":735676,"scope":"remote","description":"Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-7823":{"debianbug":769149,"scope":"remote","description":"The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.","releases":{"buster":{"fixed_version":"1.2.9-4","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-4","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-4","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.9-4","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4239":{"debianbug":719533,"scope":"remote","description":"The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.","releases":{"buster":{"fixed_version":"1.1.2~rc1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2~rc1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.2~rc1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.2~rc1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1962":{"scope":"remote","description":"The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests \"to list all volumes for the particular pool.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.0.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.0.0-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6458":{"debianbug":734556,"scope":"remote","description":"Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6457":{"scope":"remote","description":"The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6456":{"debianbug":732394,"scope":"remote","description":"The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to \"paths under /proc/$PID/root\" and the virInitctlSetRunLevel function.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4399":{"scope":"remote","description":"The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4311":{"scope":"local","description":"libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.","releases":{"buster":{"fixed_version":"1.1.3~rc1-1","repositories":{"buster":"5.0.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.1.3~rc1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.1.3~rc1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.3~rc1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2238":{"scope":"local","description":"Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2218":{"debianbug":714699,"scope":"remote","description":"Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the \"virsh iface-list --inactive\" command.","releases":{"buster":{"fixed_version":"1.1.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1766":{"debianbug":701649,"scope":"local","description":"libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.","releases":{"buster":{"fixed_version":"0.9.12-8","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.12-8","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.12-8","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.12-8","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-2239":{"scope":"local","description":"Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2237":{"scope":"local","description":"Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5247":{"debianbug":799132,"scope":"remote","description":"The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.","releases":{"buster":{"fixed_version":"1.2.20-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.20-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.2.20-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2693":{"debianbug":677496,"scope":"local","description":"libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.","releases":{"buster":{"fixed_version":"0.9.12-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.12-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.12-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.12-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-5651":{"scope":"remote","description":"The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.","releases":{"buster":{"fixed_version":"1.1.2~rc1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2~rc1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.2~rc1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3657":{"scope":"remote","description":"The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.","releases":{"buster":{"fixed_version":"1.2.9-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.9-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0028":{"scope":"remote","description":"libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4400":{"debianbug":727101,"scope":"local","description":"virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000256":{"debianbug":878799,"scope":"remote","description":"libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.","releases":{"buster":{"fixed_version":"3.8.0-3","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-4+deb9u1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.8.0-3","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4401":{"debianbug":727101,"scope":"remote","description":"The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5160":{"debianbug":796111,"scope":"local","description":"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.","releases":{"buster":{"fixed_version":"2.2.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue; needs changes first in QEMU","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.2.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0236":{"debianbug":776065,"scope":"remote","description":"libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.","releases":{"buster":{"fixed_version":"1.2.9-8","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-8","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-8","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.9-8","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-11091":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"5.0.0-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"5.0.0-2.1","repositories":{"sid":"5.0.0-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-5313":{"debianbug":808273,"scope":"local","description":"Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.","releases":{"buster":{"fixed_version":"1.3.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.3.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-9+deb8u2","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.3.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-0170":{"debianbug":699224,"scope":"remote","description":"Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.","releases":{"buster":{"fixed_version":"0.9.12-6","repositories":{"buster":"5.0.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.12-6","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.12-6","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.12-6","repositories":{"sid":"5.0.0-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4297":{"scope":"remote","description":"The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"1.1.2-2","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2-2","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.2-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2230":{"debianbug":715559,"scope":"remote","description":"The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving \"multiple events registration.\"","releases":{"buster":{"fixed_version":"1.1.0-3","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0-3","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0-3","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4296":{"scope":"remote","description":"The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3886":{"debianbug":926418,"scope":"remote","description":"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.","releases":{"buster":{"fixed_version":"5.0.0-2","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.0.0-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-0179":{"scope":"local","description":"libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-5086":{"scope":"local","description":"Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.","releases":{"buster":{"fixed_version":"0.4.6-10","repositories":{"buster":"5.0.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.6-10","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.6-10","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.6-10","repositories":{"sid":"5.0.0-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1486":{"debianbug":623222,"scope":"remote","description":"libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.","releases":{"buster":{"fixed_version":"0.9.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.0-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-3840":{"scope":"remote","description":"A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.","releases":{"buster":{"fixed_version":"5.0.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.0.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4291":{"scope":"local","description":"The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.","releases":{"buster":{"fixed_version":"1.1.2-2","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2-2","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.2-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2178":{"debianbug":629128,"scope":"local","description":"The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS.  NOTE: this vulnerability exists because of a CVE-2010-2238 regression.","releases":{"buster":{"fixed_version":"0.9.1-2","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.1-2","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.1-2","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.1-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4292":{"debianbug":721325,"scope":"local","description":"libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.","releases":{"buster":{"fixed_version":"1.1.2~rc2-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.2~rc2-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.2~rc2-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-8136":{"debianbug":773856,"scope":"local","description":"The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.","releases":{"buster":{"fixed_version":"1.2.9-7","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-7","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-7","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.9-7","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-8135":{"debianbug":773855,"scope":"local","description":"The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a \"virsh vol-upload\" command.","releases":{"buster":{"fixed_version":"1.2.9-7","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-7","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-7","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.9-7","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6436":{"scope":"local","description":"The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the \"virsh memtune\" command.","releases":{"buster":{"fixed_version":"1.2.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.2.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.2.0-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.2.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12127":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"5.0.0-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"5.0.0-2.1","repositories":{"sid":"5.0.0-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-8131":{"debianbug":773858,"scope":"remote","description":"The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.","releases":{"buster":{"fixed_version":"1.2.9-7","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.9-7","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-7","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.9-7","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0036":{"scope":"local","description":"Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.","releases":{"buster":{"fixed_version":"0.5.1-7","repositories":{"buster":"5.0.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.5.1-7","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.5.1-7","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.5.1-7","repositories":{"sid":"5.0.0-2.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5008":{"scope":"remote","description":"libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.","releases":{"buster":{"fixed_version":"2.0.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.0-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-9+deb8u3","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12126":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"5.0.0-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"5.0.0-2.1","repositories":{"sid":"5.0.0-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-3445":{"debianbug":683483,"scope":"remote","description":"The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer.","releases":{"buster":{"fixed_version":"0.9.12-4","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.12-4","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.12-4","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.12-4","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-1064":{"scope":"remote","description":"libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.","releases":{"buster":{"fixed_version":"4.1.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-4+deb9u3","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-9+deb8u5","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4600":{"scope":"remote","description":"The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.","releases":{"buster":{"fixed_version":"0.9.9-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.9-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.9-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.9-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3633":{"debianbug":762203,"scope":"remote","description":"The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"1.2.8-2","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.8-2","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.8-2","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.8-2","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2242":{"scope":"local","description":"Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-5177":{"scope":"local","description":"libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7336":{"scope":"local","description":"The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"5.0.0-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12130":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"5.0.0-2"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"not yet assigned","status":"open"},"sid":{"fixed_version":"5.0.0-2.1","repositories":{"sid":"5.0.0-2.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-5748":{"debianbug":887700,"scope":"remote","description":"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.","releases":{"buster":{"fixed_version":"4.0.0-1","repositories":{"buster":"5.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-4+deb9u2","repositories":{"stretch-security":"3.0.0-4+deb9u3","stretch":"3.0.0-4+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.9-9+deb8u5","repositories":{"jessie":"1.2.9-9+deb8u5","jessie-security":"1.2.9-9+deb8u6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.0-1","repositories":{"sid":"5.0.0-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20820":{"debianbug":927925,"scope":"remote","description":"read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file.","releases":{"sid":{"repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-7448":{"debianbug":859714,"scope":"remote","description":"The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.","releases":{"sid":{"fixed_version":"1.2.1-3","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6238":{"debianbug":831814,"scope":"remote","description":"The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.","releases":{"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12108":{"debianbug":905494,"scope":"remote","description":"An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file.","releases":{"sid":{"repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-6235":{"debianbug":831814,"scope":"remote","description":"The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.","releases":{"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6234":{"debianbug":831814,"scope":"remote","description":"The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.","releases":{"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6237":{"debianbug":831814,"scope":"remote","description":"The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file.","releases":{"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6236":{"debianbug":831814,"scope":"remote","description":"The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.","releases":{"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20819":{"scope":"remote","description":"io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-8891":{"debianbug":862446,"scope":"remote","description":"Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.","releases":{"sid":{"fixed_version":"1.2.1+20170405-1","repositories":{"sid":"1.2.1+20170405-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4664":{"releases":{"stretch":{"fixed_version":"0.4.2-1","repositories":{"stretch":"0.4.6-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.2-1","repositories":{"jessie":"0.4.6-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9809":{"scope":"remote","description":"Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u2","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9813":{"scope":"remote","description":"The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.10.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u2","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9812":{"scope":"remote","description":"The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.","releases":{"buster":{"fixed_version":"1.10.2-1","repositories":{"buster":"1.14.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.2-1","repositories":{"stretch":"1.10.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u2","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.2-1","repositories":{"sid":"1.14.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5843":{"scope":"remote","description":"Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.","releases":{"buster":{"fixed_version":"1.10.3-1","repositories":{"buster":"1.14.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.3-1","repositories":{"stretch":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u2","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.3-1","repositories":{"sid":"1.14.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9446":{"scope":"remote","description":"The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.","releases":{"buster":{"fixed_version":"1.10.1-1","repositories":{"buster":"1.14.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.1-1","repositories":{"stretch":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u1","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.1-1","repositories":{"sid":"1.14.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9445":{"scope":"remote","description":"Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1.10.1-1","repositories":{"buster":"1.14.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.10.1-1","repositories":{"stretch":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u1","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.1-1","repositories":{"sid":"1.14.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5848":{"scope":"remote","description":"The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.","releases":{"buster":{"fixed_version":"1.10.4-1","repositories":{"buster":"1.14.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.4-1","repositories":{"stretch":"1.10.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2.1+deb8u2","repositories":{"jessie":"1.4.4-2.1+deb8u2","jessie-security":"1.4.4-2.1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.4-1","repositories":{"sid":"1.14.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5141":{"debianbug":506350,"scope":"local","description":"flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.","releases":{"buster":{"fixed_version":"0.1.8-2","repositories":{"buster":"0.1.8-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.8-2","repositories":{"stretch":"0.1.8-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.8-2","repositories":{"jessie":"0.1.8-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.8-2","repositories":{"sid":"0.1.8-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1271":{"debianbug":168381,"scope":"remote","description":"The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.","releases":{"buster":{"fixed_version":"1.51","repositories":{"buster":"2.18-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.51","repositories":{"stretch":"2.18-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.51","repositories":{"jessie":"2.13-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.51","repositories":{"sid":"2.18-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4791":{"debianbug":451548,"scope":"local","description":"Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.","releases":{"stretch":{"fixed_version":"1.8.4-1","repositories":{"stretch":"1.8.9-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.4-1","repositories":{"jessie":"1.8.9-4"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0764814-3B6657":{"debianbug":764814,"releases":{"buster":{"fixed_version":"0.14.3702+dfsg-3","repositories":{"buster":"0.18~pre1+dfsg1-5"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.14.3702+dfsg-3","repositories":{"stretch":"0.16+dfsg2-3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.14.3702+dfsg-3","repositories":{"jessie":"0.14.3702+dfsg-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.14.3702+dfsg-3","repositories":{"sid":"0.18.1+dfsg1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5899":{"debianbug":852934,"scope":"local","description":"Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.","releases":{"buster":{"fixed_version":"14.8.16-1","repositories":{"buster":"14.9.11-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"14.8.16-1","repositories":{"stretch":"14.8.16-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"14.8.16-1","repositories":{"sid":"14.9.11-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20433":{"debianbug":917257,"scope":"remote","description":"c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.","releases":{"buster":{"fixed_version":"0.9.1.2-10","repositories":{"buster":"0.9.1.2-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.1.2-9+deb9u1","repositories":{"stretch":"0.9.1.2-9+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.1.2-9+deb8u1","repositories":{"jessie":"0.9.1.2-9","jessie-security":"0.9.1.2-9+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.1.2-10","repositories":{"sid":"0.9.1.2-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-5427":{"debianbug":927936,"scope":"remote","description":"c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.","releases":{"buster":{"repositories":{"buster":"0.9.1.2-10"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.1.2-9+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.1.2-9","jessie-security":"0.9.1.2-9+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.1.2-10"},"urgency":"low","status":"open"}}}}
{"CVE-2017-14313":{"debianbug":874416,"scope":"remote","description":"The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().","releases":{"buster":{"fixed_version":"1.8-1","repositories":{"buster":"1.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4-2+deb9u1","repositories":{"stretch-security":"1.4-2+deb9u1","stretch":"1.4-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4-2+deb8u1","repositories":{"jessie":"1.4-2+deb8u1","jessie-security":"1.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8-1","repositories":{"sid":"1.8-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-F9A459":{"releases":{"buster":{"fixed_version":"3.4.2~dfsg-3","repositories":{"buster":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.4.2~dfsg-3","repositories":{"stretch":"4.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.6~dfsg-1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.2~dfsg-3","repositories":{"sid":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-BD209F":{"releases":{"buster":{"fixed_version":"3.4.2~dfsg-3","repositories":{"buster":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.4.2~dfsg-3","repositories":{"stretch":"4.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.6~dfsg-1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.2~dfsg-3","repositories":{"sid":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0000000-23C1BD":{"releases":{"buster":{"fixed_version":"3.4.2~dfsg-3","repositories":{"buster":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.4.2~dfsg-3","repositories":{"stretch":"4.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.6~dfsg-1"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.2~dfsg-3","repositories":{"sid":"5.2.3+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-4974":{"debianbug":496384,"scope":"local","description":"rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.","releases":{"jessie":{"fixed_version":"0.20-2","repositories":{"jessie":"0.20-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4215":{"scope":"local","description":"The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4703":{"scope":"local","description":"lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4702":{"scope":"local","description":"The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4701":{"scope":"local","description":"The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1768":{"debianbug":716937,"scope":"remote","description":"The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.","releases":{"buster":{"fixed_version":"2.2.2-1","repositories":{"buster":"2.4.2-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.2-1","repositories":{"stretch":"2.4.0-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.2-1","repositories":{"jessie":"2.2.2-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.2-1","repositories":{"sid":"2.4.2-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11521":{"debianbug":869404,"scope":"remote","description":"The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:1.11.0~beta1-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1:1.9.7-5+deb8u1","repositories":{"jessie":"1:1.9.7-5","jessie-security":"1:1.9.7-5+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9454":{"scope":"remote","description":"Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response.","releases":{"stretch":{"repositories":{"stretch":"1:1.11.0~beta1-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:1.9.7-5","jessie-security":"1:1.9.7-5+deb8u1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-12584":{"debianbug":905495,"scope":"remote","description":"The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.","releases":{"stretch":{"repositories":{"stretch":"1:1.11.0~beta1-3"},"urgency":"high**","status":"open"},"jessie":{"fixed_version":"1:1.9.7-5+deb8u1","repositories":{"jessie":"1:1.9.7-5","jessie-security":"1:1.9.7-5+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"jessie":{"fixed_version":"3.16.0-1","repositories":{"jessie":"3.20.1+git20120521-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"jessie":{"fixed_version":"3.16.0-1","repositories":{"jessie":"3.20.1+git20120521-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-8779":{"debianbug":861834,"scope":"remote","description":"rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1.7.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch":"1.4.4-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1.7.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000487":{"scope":"remote","description":"Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.","releases":{"buster":{"fixed_version":"3.0.22-1","repositories":{"buster":"3.1.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.22-1","repositories":{"stretch":"3.0.22-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.0.15-1+deb8u1","repositories":{"jessie":"3.0.15-1+deb8u1","jessie-security":"3.0.15-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.22-1","repositories":{"sid":"3.1.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1152":{"debianbug":661548,"scope":"remote","description":"Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.","releases":{"buster":{"fixed_version":"0.38-2","repositories":{"buster":"0.76+repack-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.38-2","repositories":{"stretch":"0.63-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.38-2","repositories":{"jessie":"0.41-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.38-2","repositories":{"sid":"0.76+repack-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9130":{"debianbug":771365,"scope":"remote","description":"scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.","releases":{"buster":{"fixed_version":"0.41-6","repositories":{"buster":"0.76+repack-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.41-6","repositories":{"stretch":"0.63-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.41-6","repositories":{"jessie":"0.41-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.41-6","repositories":{"sid":"0.76+repack-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2525":{"debianbug":742732,"scope":"remote","description":"Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.","releases":{"buster":{"fixed_version":"0.41-5","repositories":{"buster":"0.76+repack-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.41-5","repositories":{"stretch":"0.63-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.41-5","repositories":{"jessie":"0.41-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.41-5","repositories":{"sid":"0.76+repack-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6393":{"debianbug":737076,"scope":"remote","description":"The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.41-4","repositories":{"buster":"0.76+repack-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.41-4","repositories":{"stretch":"0.63-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.41-4","repositories":{"jessie":"0.41-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.41-4","repositories":{"sid":"0.76+repack-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-18367":{"debianbug":927981,"scope":"remote","description":"libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.","releases":{"buster":{"repositories":{"buster":"0.9.0-1"},"urgency":"medium**","status":"open"},"stretch":{"repositories":{"stretch":"0.0~git20150813.0.1b506fc-2"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"0.9.0-2","repositories":{"sid":"0.9.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0460":{"scope":"local","description":"The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.4-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.0.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.15.5-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.4-4"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0282583-19BE25":{"debianbug":282583,"releases":{"buster":{"fixed_version":"0.20080131-1","repositories":{"buster":"1.18~0+nmu2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.20080131-1","repositories":{"stretch":"1.18~0+nmu2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.20080131-1","repositories":{"jessie":"1.18~0+nmu2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.20080131-1","repositories":{"sid":"1.18~0+nmu2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4631":{"debianbug":440950,"scope":"local","description":"The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.","releases":{"buster":{"fixed_version":"1.5.5-1.1","repositories":{"buster":"2.8-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.5-1.1","repositories":{"stretch":"2.6-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.5-1.1","repositories":{"jessie":"2.5-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.5-1.1","repositories":{"sid":"2.8-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1770":{"debianbug":700158,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.","releases":{"buster":{"fixed_version":"3.6.0-1","repositories":{"buster":"3.6.0-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.6.0-1","repositories":{"stretch":"3.6.0-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.6.0-1","repositories":{"jessie":"3.6.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.6.0-1","repositories":{"sid":"3.6.0-7"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0567175-3A30A9":{"debianbug":567175,"releases":{"buster":{"fixed_version":"3.1.2-3","repositories":{"buster":"3.6.0-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.2-3","repositories":{"stretch":"3.6.0-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.2-3","repositories":{"jessie":"3.6.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.2-3","repositories":{"sid":"3.6.0-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-0275":{"debianbug":700158,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"3.6.0-1","repositories":{"buster":"3.6.0-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.6.0-1","repositories":{"stretch":"3.6.0-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.6.0-1","repositories":{"jessie":"3.6.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.6.0-1","repositories":{"sid":"3.6.0-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-6816":{"debianbug":798213,"scope":"remote","description":"ganglia-web before 3.7.1 allows remote attackers to bypass authentication.","releases":{"buster":{"fixed_version":"3.6.0-1","repositories":{"buster":"3.6.0-7"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.6.0-1","repositories":{"stretch":"3.6.0-7"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.6.0-1","repositories":{"jessie":"3.6.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.0-1","repositories":{"sid":"3.6.0-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3448":{"debianbug":683584,"scope":"remote","description":"Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.","releases":{"buster":{"fixed_version":"3.3.8-1","repositories":{"buster":"3.6.0-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.3.8-1","repositories":{"stretch":"3.6.0-7"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-1","repositories":{"jessie":"3.6.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.3.8-1","repositories":{"sid":"3.6.0-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6395":{"debianbug":730507,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.","releases":{"buster":{"fixed_version":"3.6.0-1","repositories":{"buster":"3.6.0-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6.0-1","repositories":{"stretch":"3.6.0-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6.0-1","repositories":{"jessie":"3.6.0-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6.0-1","repositories":{"sid":"3.6.0-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8501":{"scope":"remote","description":"The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8484":{"scope":"remote","description":"The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8485":{"scope":"remote","description":"The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8738":{"scope":"remote","description":"The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8737":{"scope":"local","description":"Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-8503":{"scope":"remote","description":"Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8502":{"scope":"remote","description":"Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8504":{"scope":"remote","description":"Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.","releases":{"buster":{"fixed_version":"5.2","repositories":{"buster":"8.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.2","repositories":{"stretch":"7.4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.2","repositories":{"jessie":"5.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.2","repositories":{"sid":"8.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4968":{"debianbug":496427,"scope":"local","description":"The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.","releases":{"buster":{"fixed_version":"3.0-a9-1","repositories":{"buster":"3.0-a9+debian.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0-a9-1","repositories":{"stretch":"3.0-a9-1.3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.0-a9-1","repositories":{"sid":"3.0-a9+debian.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5152":{"scope":"local","description":"inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.","releases":{"buster":{"repositories":{"buster":"200605-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"200605-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"200605-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"200605-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-4540":{"debianbug":692608,"scope":"remote","description":"Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2514":{"scope":"remote","description":"The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted.","releases":{"buster":{"fixed_version":"1.1-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2513":{"scope":"remote","description":"The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader.","releases":{"buster":{"fixed_version":"1.1.2-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.2-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.2-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.2-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3423":{"scope":"remote","description":"The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.","releases":{"buster":{"fixed_version":"1.3-1","repositories":{"buster":"1.7.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3-1","repositories":{"jessie":"1.5.3-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3-1","repositories":{"sid":"1.7.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3422":{"scope":"remote","description":"The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.","releases":{"buster":{"fixed_version":"1.3-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3377":{"scope":"remote","description":"The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.","releases":{"buster":{"fixed_version":"1.1.4-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.4-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.1.4-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.4-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1927":{"scope":"remote","description":"The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka \"GIFAR.\"","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1926":{"scope":"remote","description":"The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6493":{"scope":"local","description":"The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.","releases":{"buster":{"fixed_version":"1.4.2-1","repositories":{"buster":"1.7.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.2-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.2-1","repositories":{"jessie":"1.5.3-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.2-1","repositories":{"sid":"1.7.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-5234":{"debianbug":798467,"scope":"remote","description":"IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.","releases":{"buster":{"fixed_version":"1.6.1-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.1-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.1-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5235":{"debianbug":798467,"scope":"remote","description":"IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.","releases":{"buster":{"fixed_version":"1.6.1-1","repositories":{"buster":"1.7.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.1-1","repositories":{"stretch":"1.6.2-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-1","repositories":{"jessie":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.1-1","repositories":{"sid":"1.7.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17527":{"scope":"remote","description":"** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.","releases":{"buster":{"fixed_version":"0.15.0-1","repositories":{"buster":"0.15.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.14.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.13.0-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.15.0-1","repositories":{"sid":"0.15.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3178":{"debianbug":374085,"scope":"remote","description":"Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.","releases":{"buster":{"fixed_version":"0.38-1","repositories":{"buster":"2:0.40a-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.38-1","repositories":{"stretch":"2:0.40a-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.38-1","repositories":{"jessie":"2:0.40a-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.38-1","repositories":{"sid":"2:0.40a-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2930":{"debianbug":327431,"scope":"remote","description":"Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.","releases":{"buster":{"fixed_version":"0.36-1","repositories":{"buster":"2:0.40a-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.36-1","repositories":{"stretch":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.36-1","repositories":{"jessie":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.36-1","repositories":{"sid":"2:0.40a-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-0619":{"debianbug":408603,"scope":"remote","description":"chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.","releases":{"buster":{"fixed_version":"2:0.39-1","repositories":{"buster":"2:0.40a-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2:0.39-1","repositories":{"stretch":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2:0.39-1","repositories":{"jessie":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2:0.39-1","repositories":{"sid":"2:0.40a-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2659":{"scope":"remote","description":"Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"0.37-2","repositories":{"buster":"2:0.40a-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.37-2","repositories":{"stretch":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.37-2","repositories":{"jessie":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.37-2","repositories":{"sid":"2:0.40a-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-3318":{"debianbug":335931,"scope":"remote","description":"Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.","releases":{"buster":{"fixed_version":"0.37-1","repositories":{"buster":"2:0.40a-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.37-1","repositories":{"stretch":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.37-1","repositories":{"jessie":"2:0.40a-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.37-1","repositories":{"sid":"2:0.40a-5"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0274229-6E02C2":{"debianbug":274229,"releases":{"buster":{"fixed_version":"3.5.30","repositories":{"buster":"3.5.46"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"3.5.30","repositories":{"stretch":"3.5.43"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.5.30","repositories":{"jessie":"3.5.37"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.5.30","repositories":{"sid":"3.5.46"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-3620":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.","releases":{"buster":{"fixed_version":"3.20180703.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180703.1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180703.1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180703.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3640":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.","releases":{"buster":{"fixed_version":"3.20180703.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180807a.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180703.2~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180703.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12127":{"debianbug":929067,"releases":{"buster":{"fixed_version":"3.20190514.1","repositories":{"buster":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.20190514.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.20190514.1~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.20190514.1","repositories":{"sid":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-3639":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.","releases":{"buster":{"fixed_version":"3.20180703.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180807a.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180703.2~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180703.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3615":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.","releases":{"buster":{"fixed_version":"3.20180703.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180703.1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180703.1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180703.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12126":{"debianbug":929067,"releases":{"buster":{"fixed_version":"3.20190514.1","repositories":{"buster":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.20190514.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.20190514.1~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.20190514.1","repositories":{"sid":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-12130":{"debianbug":929067,"releases":{"buster":{"fixed_version":"3.20190514.1","repositories":{"buster":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.20190514.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.20190514.1~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.20190514.1","repositories":{"sid":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-3646":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.","releases":{"buster":{"fixed_version":"3.20180703.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180703.1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180703.1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180703.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11091":{"debianbug":929067,"releases":{"buster":{"fixed_version":"3.20190514.1","repositories":{"buster":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.20190514.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.20190514.1~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.20190514.1","repositories":{"sid":"3.20190514.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5715":{"debianbug":886532,"scope":"local","description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","releases":{"buster":{"fixed_version":"3.20180425.1","repositories":{"buster":"3.20190514.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.20180425.1~deb9u1","repositories":{"stretch-security":"3.20190514.1~deb9u1","stretch":"3.20180807a.2~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.20180425.1~deb8u1","repositories":{"jessie":"3.20180425.1~deb8u1","jessie-security":"3.20190514.1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.20180425.1","repositories":{"sid":"3.20190514.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0317":{"debianbug":513419,"scope":"local","description":"Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).","releases":{"buster":{"fixed_version":"0.4.3-3.2","repositories":{"buster":"1.2.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4.3-3.2","repositories":{"stretch":"1.1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.3-3.2","repositories":{"jessie":"1.1-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4.3-3.2","repositories":{"sid":"1.2.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-6687":{"debianbug":681591,"scope":"remote","description":"FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.","releases":{"buster":{"fixed_version":"0.78-2","repositories":{"buster":"0.78-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.78-2","repositories":{"stretch":"0.78-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.77-1+deb8u1","repositories":{"jessie":"0.77-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.78-2","repositories":{"sid":"0.78-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2766":{"debianbug":607479,"scope":"remote","description":"The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.","releases":{"buster":{"fixed_version":"0.73-2","repositories":{"buster":"0.78-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.73-2","repositories":{"stretch":"0.78-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.73-2","repositories":{"jessie":"0.77-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.73-2","repositories":{"sid":"0.78-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0857546-8B0EB6":{"debianbug":857546,"releases":{"buster":{"fixed_version":"0.5.1-1","repositories":{"buster":"0.6.0-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.4.4-2"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.5.1-1","repositories":{"sid":"0.6.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5592":{"debianbug":854735,"scope":"remote","description":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).","releases":{"buster":{"fixed_version":"0.5.1-1","repositories":{"buster":"0.6.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.4.4-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.5.1-1","repositories":{"sid":"0.6.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11173":{"scope":"remote","description":"Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.","releases":{"buster":{"fixed_version":"0.4.1-1","repositories":{"buster":"1.0.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4.0-1+deb9u1","repositories":{"stretch-security":"0.4.0-1+deb9u1","stretch":"0.4.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.2.9-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.4.1-1","repositories":{"sid":"1.0.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3979":{"scope":"remote","description":"A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1:1.0.16-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:1.0.13-3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:1.0.11-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"1:1.0.16-1"},"urgency":"low","status":"open"}}}}
{"CVE-2011-4407":{"scope":"remote","description":"ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.","releases":{"buster":{"fixed_version":"0.76.7debian2+nmu2","repositories":{"buster":"0.96.20.2-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.76.7debian2+nmu2","repositories":{"stretch":"0.96.20.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.76.7debian2+nmu2","repositories":{"jessie":"0.92.25debian1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.76.7debian2+nmu2","repositories":{"sid":"0.96.20.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1061":{"scope":"local","description":"dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.","releases":{"buster":{"fixed_version":"0.92.18","repositories":{"buster":"0.96.20.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.92.18","repositories":{"stretch":"0.96.20.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.92.18","repositories":{"jessie":"0.92.25debian1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.92.18","repositories":{"sid":"0.96.20.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17187":{"scope":"remote","description":"The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.","releases":{"buster":{"fixed_version":"0.22.0-1","repositories":{"buster":"0.22.0-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"0.14.0-5"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.7-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.22.0-1","repositories":{"sid":"0.22.0-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4467":{"scope":"remote","description":"The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.22.0-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.14.0-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.22.0-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2166":{"scope":"remote","description":"The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.22.0-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.14.0-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.22.0-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-0223":{"scope":"remote","description":"While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.","releases":{"buster":{"fixed_version":"0.22.0-1","repositories":{"buster":"0.22.0-3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.14.0-5"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.7-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"0.22.0-1","repositories":{"sid":"0.22.0-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4016":{"debianbug":567191,"scope":"remote","description":"Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.","releases":{"jessie":{"fixed_version":"3.0.6.dfsg-1","repositories":{"jessie":"3.0.8.dfsg-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-5290":{"debianbug":805065,"releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.8.dfsg-3"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"}}}}
{"TEMP-0000000-D0A7F0":{"releases":{"jessie":{"fixed_version":"3.0.6.dfsg-2","repositories":{"jessie":"3.0.8.dfsg-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-6084":{"debianbug":697092,"scope":"remote","description":"modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.","releases":{"jessie":{"fixed_version":"3.0.7.dfsg-3","repositories":{"jessie":"3.0.8.dfsg-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0300":{"debianbug":567191,"scope":"remote","description":"cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.","releases":{"jessie":{"fixed_version":"3.0.6.dfsg-1","repositories":{"jessie":"3.0.8.dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0277":{"debianbug":566775,"scope":"remote","description":"slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.","releases":{"jessie":{"fixed_version":"2.2~rc3.hg396~dfsg1-6","repositories":{"jessie":"2.2.1+dfsg1-5.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-0420":{"debianbug":572946,"scope":"remote","description":"libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.","releases":{"jessie":{"fixed_version":"2.2~rc3.hg396~dfsg1-6","repositories":{"jessie":"2.2.1+dfsg1-5.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4776":{"debianbug":503916,"scope":"remote","description":"libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.1+dfsg1-5.2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0423":{"debianbug":572946,"scope":"remote","description":"gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.","releases":{"jessie":{"fixed_version":"2.2~rc3.hg396~dfsg1-6","repositories":{"jessie":"2.2.1+dfsg1-5.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6746":{"debianbug":706094,"scope":"remote","description":"telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"0.1.15-1","repositories":{"buster":"0.2.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.15-1","repositories":{"stretch":"0.2.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.15-1","repositories":{"jessie":"0.2.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.15-1","repositories":{"sid":"0.2.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-4435":{"debianbug":688151,"scope":"remote","description":"fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.","releases":{"buster":{"fixed_version":"2.0.3-1","repositories":{"buster":"2.6.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.3-1","repositories":{"stretch":"2.6.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.3-1","repositories":{"jessie":"2.6.0-2.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.3-1","repositories":{"sid":"2.6.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4434":{"debianbug":688151,"releases":{"buster":{"fixed_version":"2.0.3-1","repositories":{"buster":"2.6.10-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.3-1","repositories":{"stretch":"2.6.9-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.3-1","repositories":{"jessie":"2.6.0-2.1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.3-1","repositories":{"sid":"2.6.10-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-4436":{"debianbug":688151,"scope":"local","description":"Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments.","releases":{"buster":{"fixed_version":"2.0.3-1","repositories":{"buster":"2.6.10-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.3-1","repositories":{"stretch":"2.6.9-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0.3-1","repositories":{"jessie":"2.6.0-2.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.3-1","repositories":{"sid":"2.6.10-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-3336BA":{"releases":{"buster":{"fixed_version":"1:3.2.0b6-1","repositories":{"buster":"1:3.2.0b6-18"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:3.2.0b6-1","repositories":{"stretch":"1:3.2.0b6-16"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:3.2.0b6-1","repositories":{"jessie":"1:3.2.0b6-12"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:3.2.0b6-1","repositories":{"sid":"1:3.2.0b6-18"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-6110":{"debianbug":453278,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.","releases":{"buster":{"fixed_version":"1:3.2.0b6-4","repositories":{"buster":"1:3.2.0b6-18"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.2.0b6-4","repositories":{"stretch":"1:3.2.0b6-16"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.2.0b6-4","repositories":{"jessie":"1:3.2.0b6-12"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.2.0b6-4","repositories":{"sid":"1:3.2.0b6-18"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0085":{"debianbug":305996,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.","releases":{"buster":{"fixed_version":"1:3.1.6-11","repositories":{"buster":"1:3.2.0b6-18"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.1.6-11","repositories":{"stretch":"1:3.2.0b6-16"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:3.1.6-11","repositories":{"jessie":"1:3.2.0b6-12"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.1.6-11","repositories":{"sid":"1:3.2.0b6-18"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2320":{"debianbug":672989,"scope":"remote","description":"ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message.","releases":{"buster":{"fixed_version":"1.0-1","repositories":{"buster":"1.36-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0-1","repositories":{"stretch-security":"1.33-3+deb9u1","stretch":"1.33-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0-1","repositories":{"jessie":"1.21-1.2+deb8u1","jessie-security":"1.21-1.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0-1","repositories":{"sid":"1.36-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2321":{"debianbug":672989,"scope":"remote","description":"The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.","releases":{"buster":{"fixed_version":"1.0-1","repositories":{"buster":"1.36-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0-1","repositories":{"stretch-security":"1.33-3+deb9u1","stretch":"1.33-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0-1","repositories":{"jessie":"1.21-1.2+deb8u1","jessie-security":"1.21-1.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0-1","repositories":{"sid":"1.36-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2322":{"debianbug":672989,"scope":"remote","description":"Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet.","releases":{"buster":{"fixed_version":"1.0-1","repositories":{"buster":"1.36-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0-1","repositories":{"stretch-security":"1.33-3+deb9u1","stretch":"1.33-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-1","repositories":{"jessie":"1.21-1.2+deb8u1","jessie-security":"1.21-1.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0-1","repositories":{"sid":"1.36-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6459":{"debianbug":697580,"scope":"remote","description":"ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.","releases":{"buster":{"fixed_version":"1.0-1.1","repositories":{"buster":"1.36-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0-1.1","repositories":{"stretch-security":"1.33-3+deb9u1","stretch":"1.33-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-1.1","repositories":{"jessie":"1.21-1.2+deb8u1","jessie-security":"1.21-1.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0-1.1","repositories":{"sid":"1.36-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12865":{"debianbug":872844,"scope":"remote","description":"Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable.","releases":{"buster":{"fixed_version":"1.35-1","repositories":{"buster":"1.36-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.33-3+deb9u1","repositories":{"stretch-security":"1.33-3+deb9u1","stretch":"1.33-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.21-1.2+deb8u1","repositories":{"jessie":"1.21-1.2+deb8u1","jessie-security":"1.21-1.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.35-1","repositories":{"sid":"1.36-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15185":{"scope":"remote","description":"plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.2-0.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.7.2-2.1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2011-3193":{"debianbug":641738,"scope":"remote","description":"Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.","releases":{"buster":{"fixed_version":"1.28.3-1","repositories":{"buster":"1.42.4-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.28.3-1","repositories":{"stretch":"1.40.5-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.28.3-1","repositories":{"jessie":"1.36.8-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.28.3-1","repositories":{"sid":"1.42.4-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-15120":{"scope":"remote","description":"libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.","releases":{"buster":{"fixed_version":"1.42.4-1","repositories":{"buster":"1.42.4-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.40.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.36.8-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.42.4-1","repositories":{"sid":"1.42.4-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0064":{"scope":"remote","description":"The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.","releases":{"buster":{"fixed_version":"1.28.3-2~sid1","repositories":{"buster":"1.42.4-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.28.3-2~sid1","repositories":{"stretch":"1.40.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.28.3-2~sid1","repositories":{"jessie":"1.36.8-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.28.3-2~sid1","repositories":{"sid":"1.42.4-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0020":{"debianbug":610792,"scope":"remote","description":"Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.","releases":{"buster":{"fixed_version":"1.28.3-1+squeeze1","repositories":{"buster":"1.42.4-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.28.3-1+squeeze1","repositories":{"stretch":"1.40.5-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.28.3-1+squeeze1","repositories":{"jessie":"1.36.8-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.28.3-1+squeeze1","repositories":{"sid":"1.42.4-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1194":{"debianbug":527474,"scope":"remote","description":"Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.","releases":{"buster":{"fixed_version":"1.24.0-2","repositories":{"buster":"1.42.4-6"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.24.0-2","repositories":{"stretch":"1.40.5-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.24.0-2","repositories":{"jessie":"1.36.8-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.24.0-2","repositories":{"sid":"1.42.4-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0421":{"debianbug":574021,"scope":"remote","description":"Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.","releases":{"buster":{"fixed_version":"1.26.2-1","repositories":{"buster":"1.42.4-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.26.2-1","repositories":{"stretch":"1.40.5-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.26.2-1","repositories":{"jessie":"1.36.8-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.26.2-1","repositories":{"sid":"1.42.4-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16807":{"debianbug":908614,"scope":"remote","description":"In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.5.5-1"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.5-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.5.5-1"},"urgency":"low","status":"open"}}}}
{"CVE-2017-1000458":{"scope":"remote","description":"Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.","releases":{"buster":{"fixed_version":"2.5.2-1","repositories":{"buster":"2.5.5-1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.5-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.5.2-1","repositories":{"sid":"2.5.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1522":{"scope":"remote","description":"analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.","releases":{"buster":{"fixed_version":"2.3.2+dfsg-1","repositories":{"buster":"2.5.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3.2+dfsg-1","repositories":{"stretch":"2.5-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3.2+dfsg-1","repositories":{"sid":"2.5.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17019":{"debianbug":908779,"scope":"remote","description":"In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.5.5-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.5-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.5.5-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2015-1521":{"scope":"remote","description":"analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet.","releases":{"buster":{"fixed_version":"2.3.2+dfsg-1","repositories":{"buster":"2.5.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3.2+dfsg-1","repositories":{"stretch":"2.5-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3.2+dfsg-1","repositories":{"sid":"2.5.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-9244":{"scope":"remote","description":"Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.","releases":{"buster":{"fixed_version":"2.0.0~alpha8-1","repositories":{"buster":"2.16.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.0~alpha8-1","repositories":{"stretch":"2.10.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.0.0~alpha8-1","repositories":{"jessie":"2.4.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.0~alpha8-1","repositories":{"sid":"2.16.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20751":{"scope":"remote","description":"An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName(\"MediaBox\"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20797":{"debianbug":923415,"scope":"remote","description":"An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"open"}}}}
{"CVE-2018-5296":{"scope":"remote","description":"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-3","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-3","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5295":{"debianbug":889511,"scope":"remote","description":"In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-10723":{"debianbug":926667,"scope":"remote","description":"An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.","releases":{"buster":{"repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"clean exception quit/DoS, low popcon","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"open"}}}}
{"CVE-2019-9687":{"debianbug":924430,"scope":"remote","description":"PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-8378":{"debianbug":861597,"scope":"remote","description":"Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5886":{"debianbug":854604,"scope":"remote","description":"Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-5","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8001":{"debianbug":892556,"scope":"remote","description":"In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-3","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-3","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-8002":{"debianbug":892557,"scope":"remote","description":"In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"open"}}}}
{"CVE-2018-11254":{"debianbug":916585,"scope":"remote","description":"An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7381":{"debianbug":859329,"scope":"remote","description":"The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8981":{"debianbug":854599,"scope":"remote","description":"Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.","releases":{"buster":{"fixed_version":"0.9.4-1","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-1","repositories":{"stretch":"0.9.4-6"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-1","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-11255":{"debianbug":916584,"scope":"remote","description":"An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"open"}}}}
{"CVE-2017-7380":{"debianbug":859329,"scope":"remote","description":"The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12982":{"debianbug":916581,"scope":"remote","description":"Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11256":{"debianbug":916583,"scope":"remote","description":"An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12983":{"debianbug":916580,"scope":"remote","description":"A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.","releases":{"buster":{"repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"open"}}}}
{"CVE-2018-14320":{"debianbug":916240,"scope":"remote","description":"This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7383":{"debianbug":859329,"scope":"remote","description":"The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8054":{"debianbug":860995,"scope":"remote","description":"The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7382":{"debianbug":859329,"scope":"remote","description":"The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8053":{"debianbug":860994,"scope":"remote","description":"PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).","releases":{"buster":{"fixed_version":"0.9.6+dfsg-3","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-3","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19532":{"debianbug":916085,"scope":"remote","description":"A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9199":{"debianbug":923469,"scope":"remote","description":"PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5783":{"debianbug":916142,"scope":"remote","description":"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-4","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-4","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6352":{"scope":"remote","description":"In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-3","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-3","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6846":{"debianbug":861563,"scope":"remote","description":"The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6847":{"debianbug":861564,"scope":"remote","description":"The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5854":{"debianbug":854602,"scope":"remote","description":"base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6844":{"debianbug":861561,"scope":"remote","description":"Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-5","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5855":{"debianbug":854603,"scope":"remote","description":"The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6845":{"debianbug":861562,"scope":"remote","description":"The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6848":{"debianbug":861565,"scope":"remote","description":"The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6849":{"debianbug":861566,"scope":"remote","description":"The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7994":{"debianbug":860930,"scope":"remote","description":"The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.5-7","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-7","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7378":{"debianbug":859330,"scope":"remote","description":"The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5852":{"debianbug":854600,"scope":"remote","description":"The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-7","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-7","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6842":{"debianbug":861559,"scope":"remote","description":"The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15889":{"debianbug":916167,"scope":"remote","description":"In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in base/PdfParser.cpp can cause the program to be aborted, because PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called with a large size value. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","releases":{"buster":{"repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"open"}}}}
{"CVE-2017-5853":{"debianbug":854601,"scope":"remote","description":"Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-5","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6843":{"debianbug":861560,"scope":"remote","description":"Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6840":{"debianbug":861557,"scope":"remote","description":"The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.4-6","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-6","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-6","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8787":{"debianbug":861738,"scope":"remote","description":"The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.","releases":{"buster":{"fixed_version":"0.9.5-7","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-7","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7379":{"debianbug":859331,"scope":"remote","description":"The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.","releases":{"buster":{"fixed_version":"0.9.4-5","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-5","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.4-5","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6841":{"debianbug":861558,"scope":"remote","description":"The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5309":{"scope":"remote","description":"In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.6+dfsg-3","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.6+dfsg-3","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5308":{"debianbug":854602,"scope":"remote","description":"PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.","releases":{"buster":{"fixed_version":"0.9.5-9","repositories":{"buster":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.4-6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.0-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.9.5-9","repositories":{"sid":"0.9.6+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-18187":{"scope":"remote","description":"In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u3","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-7129":{"debianbug":543150,"scope":"remote","description":"XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 certificate that does not pass the RSA signature check during verification.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-7128":{"debianbug":543150,"scope":"remote","description":"The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-1923":{"debianbug":616114,"scope":"remote","description":"The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.","releases":{"jessie":{"fixed_version":"0.14.3-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"jessie":{"fixed_version":"1.3.9-2","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3389":{"debianbug":645881,"scope":"remote","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.","releases":{"jessie":{"repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-4911":{"debianbug":754655,"scope":"remote","description":"The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.","releases":{"jessie":{"fixed_version":"1.3.7-2.1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000520":{"scope":"remote","description":"ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..","releases":{"jessie":{"repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9744":{"scope":"remote","description":"Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages.  NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.","releases":{"jessie":{"fixed_version":"1.3.9-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1621":{"debianbug":699887,"scope":"remote","description":"Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.","releases":{"jessie":{"fixed_version":"1.1.4-2","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5291":{"debianbug":801413,"scope":"remote","description":"Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.  NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0487":{"debianbug":890288,"scope":"remote","description":"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u3","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-0488":{"debianbug":890287,"scope":"remote","description":"ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u3","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-0497":{"debianbug":904821,"scope":"remote","description":"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u4","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1182":{"debianbug":775776,"scope":"remote","description":"The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.","releases":{"jessie":{"fixed_version":"1.3.9-2.1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8628":{"scope":"remote","description":"Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates.  NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.","releases":{"jessie":{"fixed_version":"1.3.9-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14032":{"debianbug":873557,"scope":"remote","description":"ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8627":{"scope":"remote","description":"PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.","releases":{"jessie":{"fixed_version":"1.3.9-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3555":{"debianbug":704946,"scope":"remote","description":"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.","releases":{"jessie":{"fixed_version":"1.2.0-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0169":{"debianbug":699885,"scope":"remote","description":"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.","releases":{"jessie":{"fixed_version":"1.1.4-2","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4623":{"debianbug":719954,"scope":"remote","description":"The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.","releases":{"jessie":{"fixed_version":"1.2.8-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-19608":{"debianbug":915796,"scope":"local","description":"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.","releases":{"jessie":{"repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"low**","status":"open"}}}}
{"CVE-2017-2784":{"debianbug":857560,"scope":"remote","description":"An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u2","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8036":{"scope":"remote","description":"Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session.  NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5915":{"debianbug":725359,"scope":"remote","description":"The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.","releases":{"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0498":{"debianbug":904821,"scope":"local","description":"ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u4","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-9988":{"scope":"remote","description":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u4","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5914":{"debianbug":725359,"scope":"remote","description":"Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.","releases":{"jessie":{"fixed_version":"1.2.0-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2130":{"releases":{"jessie":{"fixed_version":"1.1.2-1","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-9989":{"scope":"remote","description":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.","releases":{"jessie":{"fixed_version":"1.3.9-2.1+deb8u4","repositories":{"jessie":"1.3.9-2.1+deb8u3","jessie-security":"1.3.9-2.1+deb8u4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0697":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.","releases":{"buster":{"fixed_version":"1.2.5-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0698":{"scope":"remote","description":"Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0404":{"debianbug":407786,"scope":"remote","description":"bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.","releases":{"buster":{"fixed_version":"0.95.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.95.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.95.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.95.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0405":{"debianbug":407786,"scope":"remote","description":"The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.","releases":{"buster":{"fixed_version":"0.95.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.95.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.95.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.95.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0473":{"scope":"remote","description":"The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.3-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4136":{"debianbug":641405,"scope":"remote","description":"django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0472":{"scope":"remote","description":"The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a \"dotted Python path.\"","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.3-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6975":{"debianbug":922027,"scope":"remote","description":"Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.","releases":{"buster":{"fixed_version":"1:1.11.20-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.11.20-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4137":{"debianbug":641405,"scope":"remote","description":"The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4138":{"debianbug":641405,"scope":"remote","description":"The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3082":{"debianbug":596205,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.","releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-0474":{"scope":"remote","description":"The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"","releases":{"buster":{"fixed_version":"1.6.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.3-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7401":{"scope":"remote","description":"The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.","releases":{"buster":{"fixed_version":"1:1.10-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.10-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.10-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4139":{"debianbug":641405,"scope":"remote","description":"Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0696":{"scope":"remote","description":"Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447.","releases":{"buster":{"fixed_version":"1.2.5-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.5-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.5-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.5-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2513":{"debianbug":816434,"scope":"remote","description":"The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.","releases":{"buster":{"fixed_version":"1.9.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.9.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u4","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.9.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-4534":{"scope":"remote","description":"The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1443":{"debianbug":723043,"scope":"remote","description":"The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.","releases":{"buster":{"fixed_version":"1.5.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4315":{"debianbug":722605,"scope":"remote","description":"Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.","releases":{"buster":{"fixed_version":"1.5.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.3-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2512":{"debianbug":816434,"scope":"remote","description":"The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\\@attacker.com.","releases":{"buster":{"fixed_version":"1.9.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u4","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16984":{"scope":"remote","description":"An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the \"view\" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-7536":{"scope":"remote","description":"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.","releases":{"buster":{"fixed_version":"1:1.11.11-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-2+deb9u1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u3","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.11.11-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7537":{"scope":"remote","description":"An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.","releases":{"buster":{"fixed_version":"1:1.11.11-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-2+deb9u1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u3","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.11.11-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4535":{"scope":"remote","description":"The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5963":{"debianbug":796104,"scope":"remote","description":"contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.","releases":{"buster":{"fixed_version":"1.7.10-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.10-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.10-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5964":{"debianbug":796104,"scope":"remote","description":"The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.","releases":{"buster":{"fixed_version":"1.7.10-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.10-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.10-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0407607-240F77":{"debianbug":407607,"releases":{"buster":{"fixed_version":"0.95.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.95.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.95.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.95.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2014-3730":{"scope":"remote","description":"The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\"","releases":{"buster":{"fixed_version":"1.6.5-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.5-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.5-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.5-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-2302":{"debianbug":481164,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.","releases":{"buster":{"fixed_version":"0.96.2-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.96.2-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.96.2-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.96.2-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6186":{"debianbug":831799,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.","releases":{"buster":{"fixed_version":"1:1.9.8-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.9.8-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u5","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.9.8-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9014":{"debianbug":842856,"scope":"remote","description":"Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.","releases":{"buster":{"fixed_version":"1:1.10.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.10.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9013":{"debianbug":842856,"scope":"remote","description":"Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.","releases":{"buster":{"fixed_version":"1:1.10.3-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.3-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:1.10.3-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4140":{"debianbug":641405,"scope":"remote","description":"The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4249":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.","releases":{"buster":{"fixed_version":"1.5.2-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.2-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.2-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.2-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3695":{"debianbug":550457,"scope":"remote","description":"Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.","releases":{"buster":{"fixed_version":"1.1.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.1.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.1.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.1.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-14574":{"debianbug":905216,"scope":"remote","description":"django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.","releases":{"buster":{"fixed_version":"1:1.11.15-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-2+deb9u2","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.11.15-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3982":{"scope":"remote","description":"The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2241":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.","releases":{"buster":{"fixed_version":"1.7.6-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.6-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.6-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.6-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4520":{"debianbug":691145,"scope":"remote","description":"The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.","releases":{"buster":{"fixed_version":"1.4.2-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.2-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.2-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.2-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5712":{"debianbug":448838,"scope":"remote","description":"The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.","releases":{"buster":{"fixed_version":"0.96-1.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.96-1.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.96-1.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.96-1.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-6188":{"scope":"remote","description":"django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.","releases":{"buster":{"fixed_version":"1:1.11.10-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.11.10-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2659":{"debianbug":539134,"scope":"remote","description":"The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected \"static media files,\" which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.","releases":{"buster":{"fixed_version":"1.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1665":{"debianbug":700948,"scope":"remote","description":"The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3909":{"scope":"remote","description":"The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.","releases":{"buster":{"fixed_version":"1.0-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12794":{"debianbug":874415,"scope":"remote","description":"In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with \"DEBUG = True\" (which makes this page accessible) in your production settings.","releases":{"buster":{"fixed_version":"1:1.11.5-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-2+deb9u2","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.11.5-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0222":{"debianbug":775375,"scope":"remote","description":"ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.","releases":{"buster":{"fixed_version":"1.7.1-1.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.1-1.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0220":{"debianbug":775375,"scope":"remote","description":"The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL.","releases":{"buster":{"fixed_version":"1.7.1-1.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.1-1.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0221":{"debianbug":775375,"scope":"remote","description":"The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.","releases":{"buster":{"fixed_version":"1.7.1-1.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.1-1.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3443":{"debianbug":683364,"scope":"remote","description":"The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1418":{"scope":"remote","description":"Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.","releases":{"buster":{"fixed_version":"1.6.5-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.5-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.5-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.5-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5828":{"scope":"remote","description":"** DISPUTED **  Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/.  NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product.  However, CVE considers this an issue because the default configuration does not use this module.","releases":{"buster":{"fixed_version":"1.2.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.2.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.2.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.2.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3442":{"debianbug":683364,"scope":"remote","description":"The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3444":{"debianbug":683364,"scope":"remote","description":"The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.","releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0483":{"scope":"remote","description":"The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.","releases":{"buster":{"fixed_version":"1.6.6-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.6.6-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.6.6-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.6.6-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6044":{"scope":"remote","description":"The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by \"the login view in django.contrib.auth.views\" and the javascript: scheme.","releases":{"buster":{"fixed_version":"1.5.2-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.2-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.2-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.2-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3498":{"debianbug":918230,"scope":"remote","description":"In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.","releases":{"buster":{"fixed_version":"1:1.11.18-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-2+deb9u4","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u4","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.11.18-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7234":{"debianbug":859516,"scope":"remote","description":"A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.","releases":{"buster":{"fixed_version":"1:1.10.7-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.10.7-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7233":{"debianbug":859515,"scope":"remote","description":"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.","releases":{"buster":{"fixed_version":"1:1.10.7-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.10.7-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.11-1+deb8u2","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.10.7-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0219":{"debianbug":775375,"scope":"remote","description":"Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.","releases":{"buster":{"fixed_version":"1.7.1-1.1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1.1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1.1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.1-1.1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0480":{"scope":"remote","description":"The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.","releases":{"buster":{"fixed_version":"1.6.6-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.6-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.6-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.6-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2048":{"debianbug":813448,"scope":"remote","description":"Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the \"Save as New\" option when editing objects and leveraging the \"change\" permission.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0482":{"scope":"remote","description":"The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.","releases":{"buster":{"fixed_version":"1.6.6-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.6-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.6-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.6-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0481":{"scope":"remote","description":"The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.","releases":{"buster":{"fixed_version":"1.6.6-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.6-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.6-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.6-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2317":{"debianbug":780873,"scope":"remote","description":"The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \\x08javascript: URL.","releases":{"buster":{"fixed_version":"1.7.7-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.7-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.7-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2316":{"debianbug":780874,"scope":"remote","description":"The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.","releases":{"buster":{"fixed_version":"1.7.7-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.7-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.7-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5143":{"scope":"remote","description":"The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5144":{"scope":"remote","description":"Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8213":{"scope":"remote","description":"The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.","releases":{"buster":{"fixed_version":"1.8.7-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.7-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.7-1+deb8u3","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.7-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5145":{"scope":"remote","description":"validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.11.20-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0305":{"debianbug":701186,"scope":"remote","description":"The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0306":{"debianbug":701186,"scope":"remote","description":"The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.","releases":{"buster":{"fixed_version":"1.4.4-1","repositories":{"buster":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.4-1","repositories":{"stretch-security":"1:1.10.7-2+deb9u4","stretch":"1:1.10.7-2+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.4-1","repositories":{"jessie":"1.7.11-1+deb8u3","jessie-security":"1.7.11-1+deb8u4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.4-1","repositories":{"sid":"1:1.11.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3366":{"debianbug":679272,"scope":"remote","description":"The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).","releases":{"buster":{"fixed_version":"1.2.2-2","repositories":{"buster":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.2-2","repositories":{"stretch":"1.4.0~pre2+git141-g6d40dace6358-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.2-2","repositories":{"jessie":"1.3.5-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.2-2","repositories":{"sid":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2385":{"debianbug":557745,"scope":"remote","description":"The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.4.0~pre2+git141-g6d40dace6358-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.5-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0406285-531EEA":{"debianbug":406285,"releases":{"buster":{"fixed_version":"0.8.7.3-1","repositories":{"buster":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.7.3-1","repositories":{"stretch":"1.4.0~pre2+git141-g6d40dace6358-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.7.3-1","repositories":{"jessie":"1.3.5-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.7.3-1","repositories":{"sid":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3211":{"debianbug":640028,"scope":"remote","description":"The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.","releases":{"buster":{"fixed_version":"1.1.2-2","repositories":{"buster":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.1.2-2","repositories":{"stretch":"1.4.0~pre2+git141-g6d40dace6358-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.1.2-2","repositories":{"jessie":"1.3.5-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.1.2-2","repositories":{"sid":"1.4.0~pre2+git141-g6d40dace6358-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0736821-BCABA8":{"debianbug":736821,"releases":{"buster":{"fixed_version":"0.7.2-1","repositories":{"buster":"0.7.2-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.7.2-1","repositories":{"stretch":"0.7.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.7.2-1","repositories":{"sid":"0.7.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10375":{"scope":"remote","description":"Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.","releases":{"buster":{"fixed_version":"3.07.01-1","repositories":{"buster":"4.02.00-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.07.01-1","repositories":{"stretch":"3.08.01-1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.04.00-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.07.01-1","repositories":{"sid":"4.02.00-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12181":{"debianbug":924615,"scope":"local","description":"Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.","releases":{"buster":{"fixed_version":"0~20181115.85588389-3","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0~20161202.7bbe0b3e-1+deb9u1","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20181115.85588389-3","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12182":{"scope":"local","description":"Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.","releases":{"buster":{"repositories":{"buster":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-12183":{"scope":"local","description":"Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.","releases":{"buster":{"nodsa":"Minor issue","fixed_version":"0~20181115.85588389-1","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20181115.85588389-1","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4859":{"releases":{"buster":{"repositories":{"buster":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-3630":{"releases":{"buster":{"repositories":{"buster":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-4860":{"releases":{"buster":{"repositories":{"buster":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-0160":{"scope":"remote","description":"Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.","releases":{"buster":{"fixed_version":"0~20181115.85588389-1","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20181115.85588389-1","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12180":{"debianbug":924615,"scope":"remote","description":"Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.","releases":{"buster":{"fixed_version":"0~20181115.85588389-3","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0~20161202.7bbe0b3e-1+deb9u1","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20181115.85588389-3","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12178":{"debianbug":924615,"scope":"remote","description":"Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.","releases":{"buster":{"fixed_version":"0~20181115.85588389-3","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0~20161202.7bbe0b3e-1+deb9u1","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20181115.85588389-3","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12179":{"debianbug":927484,"scope":"local","description":"Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.","releases":{"buster":{"repositories":{"buster":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0~20181115.85588389-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-0161":{"scope":"local","description":"Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.","releases":{"buster":{"fixed_version":"0~20180803.dd4cae4d-1","repositories":{"buster":"0~20181115.85588389-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0~20161202.7bbe0b3e-1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"0~20131112.2590861a-3"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"0~20180803.dd4cae4d-1","repositories":{"sid":"0~20181115.85588389-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2350":{"debianbug":658830,"releases":{"buster":{"fixed_version":"0.9.2-3.3","repositories":{"buster":"0.9.6-1.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.2-3.3","repositories":{"stretch":"0.9.6-1.2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.2-3.3","repositories":{"jessie":"0.9.6-1.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.2-3.3","repositories":{"sid":"0.9.6-1.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4336":{"debianbug":605092,"scope":"remote","description":"The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.","releases":{"buster":{"fixed_version":"4.10.1-2.1","repositories":{"buster":"5.8.1-1.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.10.1-2.1","repositories":{"stretch":"5.7.1-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.10.1-2.1","repositories":{"jessie":"5.4.1-6+deb8u1","jessie-security":"5.4.1-6+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.10.1-2.1","repositories":{"sid":"5.8.1-1.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7401":{"debianbug":859494,"scope":"remote","description":"Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with \"SecurityLevel None\" and with empty \"AuthFile\" options) via a crafted UDP packet.","releases":{"buster":{"fixed_version":"5.7.2-1","repositories":{"buster":"5.8.1-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.7.1-1.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.4.1-6+deb8u1","jessie-security":"5.4.1-6+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.7.2-1","repositories":{"sid":"5.8.1-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16820":{"debianbug":881757,"scope":"remote","description":"The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).","releases":{"buster":{"fixed_version":"5.8.0-1","repositories":{"buster":"5.8.1-1.3"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.7.1-1.1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.4.1-6+deb8u1","jessie-security":"5.4.1-6+deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.8.0-1","repositories":{"sid":"5.8.1-1.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"4.8.2-1","repositories":{"buster":"5.8.1-1.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.8.2-1","repositories":{"stretch":"5.7.1-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.8.2-1","repositories":{"jessie":"5.4.1-6+deb8u1","jessie-security":"5.4.1-6+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.8.2-1","repositories":{"sid":"5.8.1-1.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6254":{"debianbug":832507,"scope":"remote","description":"Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.","releases":{"buster":{"fixed_version":"5.5.2-1","repositories":{"buster":"5.8.1-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.2-1","repositories":{"stretch":"5.7.1-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.4.1-6+deb8u1","repositories":{"jessie":"5.4.1-6+deb8u1","jessie-security":"5.4.1-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.5.2-1","repositories":{"sid":"5.8.1-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0373":{"scope":"remote","description":"The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.","releases":{"buster":{"fixed_version":"2.097-2","repositories":{"buster":"2.133-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.097-2","repositories":{"stretch":"2.097-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.061-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.097-2","repositories":{"sid":"2.133-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0374":{"scope":"local","description":"lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.","releases":{"buster":{"fixed_version":"2.097-2","repositories":{"buster":"2.133-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.097-2","repositories":{"stretch":"2.097-2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.061-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.097-2","repositories":{"sid":"2.133-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"2.10.0-1","repositories":{"buster":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.0-1","repositories":{"stretch":"1:2016.4.4+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.0-1","repositories":{"jessie":"3.0.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.0-1","repositories":{"sid":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2090":{"debianbug":669024,"scope":"remote","description":"Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.","releases":{"buster":{"fixed_version":"2.10.0-2","repositories":{"buster":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.0-2","repositories":{"stretch":"1:2016.4.4+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.0-2","repositories":{"jessie":"3.0.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.0-2","repositories":{"sid":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2091":{"debianbug":669024,"scope":"remote","description":"Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.","releases":{"buster":{"fixed_version":"2.10.0-3","repositories":{"buster":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.0-3","repositories":{"stretch":"1:2016.4.4+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.0-3","repositories":{"jessie":"3.0.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.0-3","repositories":{"sid":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"2.10.0-1","repositories":{"buster":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.10.0-1","repositories":{"stretch":"1:2016.4.4+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.10.0-1","repositories":{"jessie":"3.0.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.10.0-1","repositories":{"sid":"1:2018.3.2+dfsg-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2803":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.","releases":{"buster":{"fixed_version":"0.8.3-1","repositories":{"buster":"1.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.3-1","repositories":{"stretch":"1.0.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.3-1","repositories":{"jessie":"1.0.0-0.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.3-1","repositories":{"sid":"1.0.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2836":{"debianbug":430691,"scope":"remote","description":"Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.","releases":{"buster":{"fixed_version":"0.8.7-1","repositories":{"buster":"1.0.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.8.7-1","repositories":{"stretch":"1.0.0-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.8.7-1","repositories":{"jessie":"1.0.0-0.2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.8.7-1","repositories":{"sid":"1.0.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2336":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via \"missing pages\" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"1.0.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.2-1","repositories":{"stretch":"1.0.0-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.2-1","repositories":{"jessie":"1.0.0-0.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"1.0.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3379":{"debianbug":378059,"scope":"remote","description":"Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.","releases":{"buster":{"fixed_version":"0.8.6-1","repositories":{"buster":"1.0.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.8.6-1","repositories":{"stretch":"1.0.0-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.6-1","repositories":{"jessie":"1.0.0-0.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.8.6-1","repositories":{"sid":"1.0.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1936":{"debianbug":737125,"releases":{"buster":{"fixed_version":"1.7.1-5","repositories":{"buster":"1.7.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.7.1-5","repositories":{"stretch":"1.7.4-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.7.1-5","repositories":{"jessie":"1.7.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.7.1-5","repositories":{"sid":"1.7.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0707":{"scope":"remote","description":"Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.","releases":{"jessie":{"fixed_version":"0.3.2-1","repositories":{"jessie":"0.3.2-7.4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2927":{"debianbug":777013,"scope":"remote","description":"node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.3.2-7.4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2003-0708":{"scope":"remote","description":"Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.","releases":{"jessie":{"fixed_version":"0.3.2-1","repositories":{"jessie":"0.3.2-7.4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1624":{"debianbug":736247,"scope":"local","description":"Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.25-4","repositories":{"stretch":"0.25-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.25-4","repositories":{"jessie":"0.25-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2765":{"debianbug":631912,"scope":"remote","description":"pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.","releases":{"buster":{"fixed_version":"1:3.14-1","repositories":{"buster":"1:3.16-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.14-1","repositories":{"stretch":"1:3.14-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.14-1","repositories":{"jessie":"1:3.14-1.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.14-1","repositories":{"sid":"1:3.16-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-5704":{"debianbug":887488,"scope":"remote","description":"Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.","releases":{"buster":{"fixed_version":"0.10.0-4","repositories":{"buster":"0.10.0-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.0-1+deb8u1","repositories":{"stretch-security":"0.9.0-1+deb8u1","stretch":"0.9.0-1+deb8u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.0-4+deb7u1","repositories":{"jessie":"0.8.0-4+deb7u1","jessie-security":"0.8.0-4+deb7u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.10.0-4","repositories":{"sid":"0.10.0-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4459":{"scope":"local","description":"LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.26.0-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.18.3-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.26.0-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8316":{"scope":"remote","description":"Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.","releases":{"buster":{"fixed_version":"1.16.6-1","repositories":{"buster":"1.26.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.16.6-1","repositories":{"stretch":"1.18.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.16.6-1","repositories":{"sid":"1.26.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1111":{"debianbug":658678,"scope":"local","description":"lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.","releases":{"buster":{"fixed_version":"1.0.9-1","repositories":{"buster":"1.26.0-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.9-1","repositories":{"stretch":"1.18.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.9-1","repositories":{"jessie":"1.10.3-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.9-1","repositories":{"sid":"1.26.0-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8900":{"scope":"local","description":"LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.26.0-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.18.3-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.26.0-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0943":{"scope":"local","description":"debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp.  NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.26.0-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.18.3-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.26.0-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3349":{"debianbug":639151,"releases":{"buster":{"fixed_version":"0.9.6-1","repositories":{"buster":"1.26.0-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.9.6-1","repositories":{"stretch":"1.18.3-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.9.6-1","repositories":{"jessie":"1.10.3-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.6-1","repositories":{"sid":"1.26.0-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-7358":{"scope":"local","description":"In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.26.0-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.18.3-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.3-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.26.0-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4331":{"debianbug":721744,"scope":"local","description":"Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.","releases":{"buster":{"fixed_version":"1.6.2-1","repositories":{"buster":"1.26.0-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.6.2-1","repositories":{"stretch":"1.18.3-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"1.10.3-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.6.2-1","repositories":{"sid":"1.26.0-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-4105":{"scope":"local","description":"LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.","releases":{"buster":{"fixed_version":"1.0.6-2","repositories":{"buster":"1.26.0-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.6-2","repositories":{"stretch":"1.18.3-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.6-2","repositories":{"jessie":"1.10.3-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.6-2","repositories":{"sid":"1.26.0-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-3153":{"scope":"local","description":"dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.","releases":{"buster":{"fixed_version":"1.0.6-2","repositories":{"buster":"1.26.0-4"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.6-2","repositories":{"stretch":"1.18.3-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.6-2","repositories":{"jessie":"1.10.3-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.6-2","repositories":{"sid":"1.26.0-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-2797":{"scope":"local","description":"xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"344-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"327-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"312-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"344-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0823":{"scope":"local","description":"xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory.  NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"344-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"327-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"312-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"344-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-7236":{"debianbug":510030,"scope":"remote","description":"The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.","releases":{"buster":{"fixed_version":"238-1","repositories":{"buster":"344-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"238-1","repositories":{"stretch":"327-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"238-1","repositories":{"jessie":"312-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"238-1","repositories":{"sid":"344-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-4447":{"scope":"local","description":"X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.","releases":{"buster":{"repositories":{"buster":"344-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"327-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"312-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"344-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-2383":{"debianbug":510030,"scope":"remote","description":"CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.","releases":{"buster":{"fixed_version":"238-2","repositories":{"buster":"344-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"238-2","repositories":{"stretch":"327-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"238-2","repositories":{"jessie":"312-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"238-2","repositories":{"sid":"344-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-0334":{"debianbug":762739,"scope":"remote","description":"Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.","releases":{"buster":{"fixed_version":"1.7.2-1","repositories":{"buster":"1.17.3-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.2-1","repositories":{"stretch":"1.13.6-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.2-1","repositories":{"jessie":"1.7.4-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.2-1","repositories":{"sid":"1.17.3-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7954":{"debianbug":842504,"scope":"remote","description":"Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.  NOTE: this might overlap CVE-2013-0334.","releases":{"buster":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"buster":"1.17.3-3"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch":"1.13.6-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"jessie":"1.7.4-1"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"1.17.3-3"},"urgency":"high**","status":"open"}}}}
{"CVE-2016-2510":{"scope":"remote","description":"BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.","releases":{"buster":{"fixed_version":"2.0b4-16","repositories":{"buster":"2.0b4-19"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0b4-16","repositories":{"stretch":"2.0b4-18"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0b4-15+deb8u1","repositories":{"jessie":"2.0b4-15+deb8u1","jessie-security":"2.0b4-15+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0b4-16","repositories":{"sid":"2.0b4-19"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0993":{"scope":"remote","description":"Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"0.14","repositories":{"buster":"0.17"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.14","repositories":{"stretch":"0.17"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.14","repositories":{"jessie":"0.17"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.14","repositories":{"sid":"0.17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5638":{"debianbug":696424,"scope":"local","description":"The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.","releases":{"buster":{"fixed_version":"2.2-2","repositories":{"buster":"3.6.0-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.2-2","repositories":{"stretch":"3.3.0-2.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.2-2","repositories":{"jessie":"2.2-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.2-2","repositories":{"sid":"3.6.0-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-3757":{"scope":"remote","description":"The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1.0-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.1.0-1.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1.0-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2491":{"debianbug":324531,"scope":"remote","description":"Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.1.0-3","repositories":{"buster":"0.10.44-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.1.0-3","repositories":{"stretch":"0.10.32-1.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.1.0-3","repositories":{"jessie":"0.10.18-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.1.0-3","repositories":{"sid":"0.10.44-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2660":{"debianbug":540146,"scope":"remote","description":"Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.","releases":{"buster":{"fixed_version":"1.6.0-15","repositories":{"buster":"1.10.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.0-15","repositories":{"stretch":"1.10.2-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.0-15","repositories":{"jessie":"1.10.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.0-15","repositories":{"sid":"1.10.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3296":{"debianbug":551282,"scope":"remote","description":"Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.","releases":{"buster":{"fixed_version":"1.6.0-15","repositories":{"buster":"1.10.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.0-15","repositories":{"stretch":"1.10.2-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.0-15","repositories":{"jessie":"1.10.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.0-15","repositories":{"sid":"1.10.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-2295":{"debianbug":535909,"scope":"remote","description":"Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.","releases":{"buster":{"fixed_version":"1.6.0-15","repositories":{"buster":"1.10.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.0-15","repositories":{"stretch":"1.10.2-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.0-15","repositories":{"jessie":"1.10.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.0-15","repositories":{"sid":"1.10.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-7839":{"debianbug":770544,"scope":"remote","description":"DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.","releases":{"jessie":{"fixed_version":"3.0.6-2","repositories":{"jessie":"3.0.6-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.6-2","repositories":{"sid":"3.6.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9606":{"debianbug":851430,"scope":"remote","description":"JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.1.4-1","repositories":{"sid":"3.6.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6348":{"debianbug":837170,"scope":"remote","description":"JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.6.2-2"},"urgency":"low","status":"open"}}}}
{"CVE-2018-1051":{"scope":"remote","description":"It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"3.6.2-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-7050":{"scope":"remote","description":"SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.0.18-1","repositories":{"sid":"3.6.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6345":{"debianbug":837170,"scope":"remote","description":"RESTEasy allows remote authenticated users to obtain sensitive information by leveraging \"insufficient use of random values\" in async jobs.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.6.2-2"},"urgency":"low","status":"open"}}}}
{"CVE-2016-6347":{"debianbug":837170,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.6.2-2"},"urgency":"low","status":"open"}}}}
{"CVE-2016-6346":{"debianbug":837170,"scope":"remote","description":"RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.0.6-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"3.6.2-2"},"urgency":"low","status":"open"}}}}
{"CVE-2017-7561":{"debianbug":873392,"scope":"remote","description":"Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.0.6-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.6.2-1","repositories":{"sid":"3.6.2-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7787":{"debianbug":839865,"scope":"remote","description":"A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.4.2.4-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.4.2.4-2"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-16612":{"debianbug":883792,"scope":"remote","description":"libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.","releases":{"buster":{"fixed_version":"1.14.0-2","repositories":{"buster":"1.16.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.12.0-1+deb9u1","repositories":{"stretch":"1.12.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.6.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.14.0-2","repositories":{"sid":"1.16.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0808":{"debianbug":655496,"scope":"local","description":"as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.","releases":{"buster":{"fixed_version":"2.3.1-5","repositories":{"buster":"2.3.1-7"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.3.1-5","repositories":{"stretch":"2.3.1-6"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.3.1-5","repositories":{"jessie":"2.3.1-6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.3.1-5","repositories":{"sid":"2.3.1-7"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-3233":{"scope":"remote","description":"Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.38-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u4","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3232":{"scope":"remote","description":"Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.","releases":{"stretch":{"fixed_version":"7.38-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u4","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3231":{"scope":"remote","description":"The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.","releases":{"stretch":{"fixed_version":"7.38-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u4","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3704":{"debianbug":765507,"scope":"remote","description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.","releases":{"stretch":{"fixed_version":"7.32-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3165":{"scope":"remote","description":"The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has \"#access\" set to FALSE in the server-side form definition.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-11358":{"debianbug":927330,"scope":"remote","description":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u8","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u17","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11831":{"debianbug":928688,"scope":"remote","description":"The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u9","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u17","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3166":{"scope":"remote","description":"CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3167":{"scope":"remote","description":"Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the \"destination\" parameter.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2922":{"scope":"remote","description":"The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.","releases":{"stretch":{"fixed_version":"7.22-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"7.22-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6338":{"scope":"remote","description":"In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details","releases":{"stretch":{"fixed_version":"7.52-2+deb9u6","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u15","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3168":{"scope":"remote","description":"The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a \"reflected file download vulnerability.\"","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-6339":{"scope":"remote","description":"In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u6","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u14","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0911337-06D812":{"debianbug":911337,"releases":{"stretch":{"fixed_version":"7.52-2+deb9u5","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u13","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-3162":{"debianbug":756305,"scope":"remote","description":"The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3163":{"scope":"remote","description":"The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method.","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3164":{"debianbug":756305,"scope":"remote","description":"Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0826":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.11-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.11-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0825":{"scope":"remote","description":"Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.","releases":{"stretch":{"fixed_version":"7.11-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.11-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3169":{"scope":"remote","description":"The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2749":{"debianbug":780772,"scope":"remote","description":"Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.","releases":{"stretch":{"fixed_version":"7.32-1+deb8u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-10909":{"scope":"local","description":"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6661":{"scope":"remote","description":"Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.","releases":{"stretch":{"fixed_version":"7.39-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u5","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6660":{"scope":"remote","description":"The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to \"file upload value callbacks.\"","releases":{"stretch":{"fixed_version":"7.39-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u5","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1887":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6665":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the \"a\" tag.","releases":{"stretch":{"fixed_version":"7.39-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u5","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0316":{"debianbug":701165,"scope":"remote","description":"The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.","releases":{"stretch":{"fixed_version":"7.14-2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1590":{"debianbug":671402,"scope":"remote","description":"The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.","releases":{"stretch":{"fixed_version":"7.14-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1591":{"debianbug":671402,"scope":"remote","description":"The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.","releases":{"stretch":{"fixed_version":"7.14-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3234":{"scope":"remote","description":"The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.","releases":{"stretch":{"fixed_version":"7.38-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u4","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7943":{"scope":"remote","description":"Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.","releases":{"stretch":{"fixed_version":"7.41-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u9","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9452":{"debianbug":756305,"scope":"remote","description":"The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9451":{"scope":"remote","description":"Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.52-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u8","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6340":{"scope":"remote","description":"Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4554":{"debianbug":690817,"scope":"remote","description":"The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.","releases":{"stretch":{"fixed_version":"7.14-1.1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6658":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.","releases":{"stretch":{"fixed_version":"7.39-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u5","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9450":{"debianbug":756305,"scope":"remote","description":"The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6929":{"debianbug":891153,"scope":"remote","description":"A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u10","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6341":{"debianbug":925176,"scope":"remote","description":"In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u7","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u16","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4553":{"debianbug":690817,"scope":"remote","description":"Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to \"transient conditions.\"","releases":{"stretch":{"fixed_version":"7.14-1.1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6659":{"scope":"remote","description":"SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.","releases":{"stretch":{"fixed_version":"7.39-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u5","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2726":{"releases":{"stretch":{"fixed_version":"7.6-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"7.6-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-6388":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.","releases":{"stretch":{"fixed_version":"7.24-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.24-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6387":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.","releases":{"stretch":{"fixed_version":"7.24-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.24-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-6386":{"scope":"remote","description":"Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.","releases":{"stretch":{"fixed_version":"7.24-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.24-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1476":{"scope":"remote","description":"The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.","releases":{"stretch":{"fixed_version":"7.26-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.26-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6922":{"debianbug":756305,"scope":"remote","description":"In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u9","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6385":{"scope":"remote","description":"The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.","releases":{"stretch":{"fixed_version":"7.24-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.24-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1475":{"scope":"remote","description":"The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.26-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.26-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-10910":{"scope":"remote","description":"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2687":{"debianbug":633385,"scope":"remote","description":"Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.","releases":{"stretch":{"fixed_version":"7.2-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.2-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-6927":{"debianbug":756305,"scope":"remote","description":"Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u10","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6928":{"debianbug":891152,"scope":"remote","description":"Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u10","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-10911":{"scope":"remote","description":"In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0827":{"scope":"remote","description":"The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.11-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.11-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0911336-06ADE0":{"debianbug":911336,"releases":{"stretch":{"fixed_version":"7.52-2+deb9u5","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u13","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-0244":{"debianbug":698333,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.","releases":{"stretch":{"fixed_version":"7.14-1.3","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.3","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-0245":{"debianbug":698333,"scope":"remote","description":"The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the \"access printer-friendly version\" permission to read node titles and possibly node content via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.14-1.3","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.3","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-0246":{"debianbug":698334,"scope":"remote","description":"The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.14-1.3","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.3","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6389":{"scope":"remote","description":"Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.24-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.24-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5653":{"debianbug":696342,"scope":"remote","description":"The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.","releases":{"stretch":{"fixed_version":"7.14-1.2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5651":{"debianbug":696342,"scope":"remote","description":"Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.","releases":{"stretch":{"fixed_version":"7.14-1.2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1.2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9449":{"debianbug":756305,"scope":"remote","description":"The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.","releases":{"stretch":{"fixed_version":"7.52-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u8","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6932":{"debianbug":891154,"scope":"remote","description":"Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u10","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6211":{"scope":"remote","description":"The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.","releases":{"stretch":{"fixed_version":"7.44-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u7","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5021":{"debianbug":755038,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via an option group label.","releases":{"stretch":{"fixed_version":"7.29-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.29-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-5020":{"debianbug":755038,"scope":"remote","description":"The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.","releases":{"stretch":{"fixed_version":"7.29-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.29-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5267":{"scope":"remote","description":"modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.","releases":{"stretch":{"fixed_version":"7.31-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.31-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5266":{"debianbug":757312,"scope":"remote","description":"The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.","releases":{"stretch":{"fixed_version":"7.31-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.31-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5265":{"debianbug":757312,"scope":"remote","description":"The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.","releases":{"stretch":{"fixed_version":"7.31-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.31-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5022":{"debianbug":755038,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.","releases":{"stretch":{"fixed_version":"7.29-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.29-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7570":{"scope":"remote","description":"Drupal 8.x before 8.1.10 does not properly check for \"Administer comments\" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2153":{"scope":"remote","description":"Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a \"contributed node access module,\" which allows remote authenticated users with the \"Access the content overview page\" permission to read all published nodes by accessing the admin/content page.","releases":{"stretch":{"fixed_version":"7.14-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7571":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3170":{"debianbug":756305,"scope":"remote","description":"The \"have you forgotten your password\" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.","releases":{"stretch":{"fixed_version":"7.43-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u6","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3171":{"scope":"remote","description":"Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1588":{"debianbug":671402,"scope":"remote","description":"Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.","releases":{"stretch":{"fixed_version":"7.14-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.14-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-1589":{"debianbug":671402,"scope":"remote","description":"Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.","releases":{"stretch":{"fixed_version":"7.14-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.14-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2983":{"scope":"remote","description":"Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.","releases":{"stretch":{"fixed_version":"7.27-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.27-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7572":{"scope":"remote","description":"The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for \"Export configuration\" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-5019":{"debianbug":755038,"scope":"remote","description":"The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.","releases":{"stretch":{"fixed_version":"7.29-1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.29-1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9016":{"debianbug":770469,"scope":"remote","description":"The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.","releases":{"stretch":{"fixed_version":"7.32-1+deb8u1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9015":{"debianbug":770469,"scope":"remote","description":"Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.","releases":{"stretch":{"fixed_version":"7.32-1+deb8u1","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u1","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2559":{"debianbug":780772,"scope":"remote","description":"Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.","releases":{"stretch":{"fixed_version":"7.32-1+deb8u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-7600":{"debianbug":894259,"scope":"remote","description":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u3","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u11","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-7602":{"debianbug":896701,"scope":"remote","description":"A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.","releases":{"stretch":{"fixed_version":"7.52-2+deb9u4","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u12","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-6752":{"scope":"remote","description":"** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI.  NOTE: the vendor disputes the significance of this issue, by considering the \"security benefit against platform complexity and performance impact\" and concluding that a change to the logout behavior is not planned because \"for most sites it is not worth the trade-off.\"","releases":{"stretch":{"repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-2750":{"debianbug":780772,"scope":"remote","description":"Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the \"//\" initial sequence.","releases":{"stretch":{"fixed_version":"7.32-1+deb8u2","repositories":{"stretch-security":"7.52-2+deb9u9","stretch":"7.52-2+deb9u8"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"7.32-1+deb8u2","repositories":{"jessie":"7.32-1+deb8u12","jessie-security":"7.32-1+deb8u17"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1383":{"debianbug":537258,"scope":"remote","description":"The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.","releases":{"buster":{"fixed_version":"1.03-1","repositories":{"buster":"1.03-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.03-1","repositories":{"stretch":"1.03-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.03-1","repositories":{"jessie":"1.03-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.03-1","repositories":{"sid":"1.03-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-2461":{"debianbug":537253,"scope":"local","description":"mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.","releases":{"buster":{"fixed_version":"1.03-1","repositories":{"buster":"1.03-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.03-1","repositories":{"stretch":"1.03-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.03-1","repositories":{"jessie":"1.03-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.03-1","repositories":{"sid":"1.03-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-2460":{"debianbug":537253,"scope":"remote","description":"Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.","releases":{"buster":{"fixed_version":"1.03-1","repositories":{"buster":"1.03-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.03-1","repositories":{"stretch":"1.03-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.03-1","repositories":{"jessie":"1.03-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.03-1","repositories":{"sid":"1.03-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-4616":{"debianbug":652587,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.","releases":{"buster":{"fixed_version":"0.9507-1","repositories":{"buster":"0.9510-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9507-1","repositories":{"stretch":"0.9510-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9507-1","repositories":{"jessie":"0.9510-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9507-1","repositories":{"sid":"0.9510-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7298":{"debianbug":735880,"scope":"remote","description":"query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.2.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.2.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.2.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.2.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9766":{"scope":"remote","description":"Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.","releases":{"buster":{"fixed_version":"0.32.6-1","repositories":{"buster":"0.36.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.32.6-1","repositories":{"stretch":"0.34.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.32.6-1","repositories":{"jessie":"0.32.6-3","jessie-security":"0.32.6-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.32.6-1","repositories":{"sid":"0.36.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6425":{"scope":"remote","description":"Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.","releases":{"buster":{"fixed_version":"0.30.2-2","repositories":{"buster":"0.36.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.30.2-2","repositories":{"stretch":"0.34.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.30.2-2","repositories":{"jessie":"0.32.6-3","jessie-security":"0.32.6-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.30.2-2","repositories":{"sid":"0.36.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1591":{"debianbug":700308,"scope":"remote","description":"Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors.  NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"0.26.0-4","repositories":{"buster":"0.36.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.26.0-4","repositories":{"stretch":"0.34.0-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.26.0-4","repositories":{"jessie":"0.32.6-3","jessie-security":"0.32.6-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.26.0-4","repositories":{"sid":"0.36.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5297":{"releases":{"buster":{"fixed_version":"0.33.4-1","repositories":{"buster":"0.36.0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.33.4-1","repositories":{"stretch":"0.34.0-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.32.6-3+deb8u1","repositories":{"jessie":"0.32.6-3","jessie-security":"0.32.6-3+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.33.4-1","repositories":{"sid":"0.36.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-14226":{"debianbug":876001,"scope":"remote","description":"WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.","releases":{"buster":{"fixed_version":"0.10.2-1","repositories":{"buster":"0.10.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.10.1-5+deb9u1","repositories":{"stretch":"0.10.1-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.10.0-2+deb8u1","repositories":{"jessie":"0.10.0-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.10.2-1","repositories":{"sid":"0.10.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-1466":{"scope":"remote","description":"Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.","releases":{"buster":{"fixed_version":"0.8.9-1","repositories":{"buster":"0.10.3-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.8.9-1","repositories":{"stretch":"0.10.1-5+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.8.9-1","repositories":{"jessie":"0.10.0-2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.8.9-1","repositories":{"sid":"0.10.3-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-2149":{"scope":"remote","description":"The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used.  NOTE: some sources report this issue as an integer overflow.","releases":{"buster":{"fixed_version":"0.8.14-1","repositories":{"buster":"0.10.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.14-1","repositories":{"stretch":"0.10.1-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.14-1","repositories":{"jessie":"0.10.0-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.14-1","repositories":{"sid":"0.10.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19208":{"debianbug":913702,"scope":"remote","description":"In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.","releases":{"buster":{"fixed_version":"0.10.2-3","repositories":{"buster":"0.10.3-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.10.1-5+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.10.0-2+deb8u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"0.10.2-3","repositories":{"sid":"0.10.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-0002":{"scope":"remote","description":"Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions.  NOTE: the integer overflow has been split into CVE-2007-1466.","releases":{"buster":{"fixed_version":"0.8.9-1","repositories":{"buster":"0.10.3-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.9-1","repositories":{"stretch":"0.10.1-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.9-1","repositories":{"jessie":"0.10.0-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.9-1","repositories":{"sid":"0.10.3-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6369":{"debianbug":743960,"scope":"remote","description":"Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file.","releases":{"buster":{"fixed_version":"2.0-2.1","repositories":{"buster":"2.1-3.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0-2.1","repositories":{"stretch":"2.1-3.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.0-2.1","repositories":{"jessie":"2.1-3.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0-2.1","repositories":{"sid":"2.1-3.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9937":{"debianbug":869708,"scope":"remote","description":"In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"2.1-3.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.1-3.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.1-3.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.1-3.1"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0425254-0F9CE1":{"debianbug":425254,"releases":{"buster":{"fixed_version":"0.5-18","repositories":{"buster":"1.2.2-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.5-18","repositories":{"stretch":"1.2.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.5-18","repositories":{"jessie":"1.2.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.5-18","repositories":{"sid":"1.2.2-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5111":{"debianbug":391278,"scope":"remote","description":"The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.","releases":{"buster":{"fixed_version":"0.9.14-1","repositories":{"buster":"1.3.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.14-1","repositories":{"stretch":"1.3.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.14-1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.14-1","repositories":{"sid":"1.3.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4579":{"scope":"remote","description":"Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the \"returned length of the object from _ksba_ber_parse_tl.\"","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1+deb8u1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.3.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4574":{"scope":"remote","description":"Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.","releases":{"buster":{"fixed_version":"1.3.4-3","repositories":{"buster":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.4-3","repositories":{"stretch":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.4-3","repositories":{"sid":"1.3.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4353":{"scope":"remote","description":"ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.3.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.3.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1+deb8u1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.3.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4354":{"scope":"remote","description":"ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.3.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.3.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1+deb8u1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.3.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9087":{"debianbug":770972,"scope":"remote","description":"Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1.3.2-1","repositories":{"buster":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.2-1","repositories":{"stretch":"1.3.5-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.2-1","repositories":{"sid":"1.3.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4355":{"scope":"remote","description":"Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.3.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.3.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1+deb8u1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.3.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4356":{"scope":"remote","description":"The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.","releases":{"buster":{"fixed_version":"1.3.3-1","repositories":{"buster":"1.3.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.3-1","repositories":{"stretch":"1.3.5-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.2-1+deb8u1","repositories":{"jessie":"1.3.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.3-1","repositories":{"sid":"1.3.5-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9085":{"debianbug":842714,"scope":"remote","description":"Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.","releases":{"buster":{"repositories":{"buster":"0.6.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.5.2-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.4.1-1.2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.6.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-5127":{"debianbug":704573,"scope":"remote","description":"Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.","releases":{"buster":{"fixed_version":"0.1.3-3+nmu1","repositories":{"buster":"0.6.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.1.3-3+nmu1","repositories":{"stretch":"0.5.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.1.3-3+nmu1","repositories":{"jessie":"0.4.1-1.2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.1.3-3+nmu1","repositories":{"sid":"0.6.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-2655":{"debianbug":325135,"scope":"remote","description":"lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.","releases":{"buster":{"fixed_version":"2.0.2-7","repositories":{"buster":"2.9.3-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.2-7","repositories":{"stretch":"2.8.4-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.2-7","repositories":{"jessie":"2.7.1-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.2-7","repositories":{"sid":"2.9.3-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0301":{"debianbug":564601,"scope":"local","description":"main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.","releases":{"buster":{"fixed_version":"2.2.0-3.1","repositories":{"buster":"2.9.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.0-3.1","repositories":{"stretch":"2.8.4-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.0-3.1","repositories":{"jessie":"2.7.1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.0-3.1","repositories":{"sid":"2.9.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4755":{"debianbug":442075,"scope":"remote","description":"Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client.  NOTE: client IP addresses are available via product-specific queries.","releases":{"buster":{"fixed_version":"6.05-4.1","repositories":{"buster":"7.66+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"6.05-4.1","repositories":{"stretch":"7.66+dfsg-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"6.05-4.1","repositories":{"jessie":"7.66+dfsg-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"6.05-4.1","repositories":{"sid":"7.66+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3439":{"debianbug":575621,"releases":{"buster":{"fixed_version":"7.33-5","repositories":{"buster":"7.66+dfsg-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"7.33-5","repositories":{"stretch":"7.66+dfsg-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"7.33-5","repositories":{"jessie":"7.66+dfsg-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"7.33-5","repositories":{"sid":"7.66+dfsg-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4754":{"debianbug":442075,"scope":"remote","description":"Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.","releases":{"buster":{"fixed_version":"6.05-4.1","repositories":{"buster":"7.66+dfsg-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"6.05-4.1","repositories":{"stretch":"7.66+dfsg-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"6.05-4.1","repositories":{"jessie":"7.66+dfsg-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"6.05-4.1","repositories":{"sid":"7.66+dfsg-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3637":{"debianbug":552038,"scope":"remote","description":"Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.","releases":{"buster":{"fixed_version":"7.33-1","repositories":{"buster":"7.66+dfsg-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"7.33-1","repositories":{"stretch":"7.66+dfsg-3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"7.33-1","repositories":{"jessie":"7.66+dfsg-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"7.33-1","repositories":{"sid":"7.66+dfsg-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0451":{"scope":"remote","description":"Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.","releases":{"buster":{"fixed_version":"1.8-11","repositories":{"buster":"20100519-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8-11","repositories":{"stretch":"20100519-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8-11","repositories":{"jessie":"20100519-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8-11","repositories":{"sid":"20100519-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0606":{"scope":"local","description":"sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.","releases":{"buster":{"fixed_version":"1.8-9","repositories":{"buster":"20100519-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8-9","repositories":{"stretch":"20100519-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8-9","repositories":{"jessie":"20100519-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8-9","repositories":{"sid":"20100519-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16981":{"scope":"remote","description":"stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.","releases":{"buster":{"repositories":{"buster":"2.5.0-1"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"2.5.0-1"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-13794":{"debianbug":903711,"scope":"remote","description":"A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.","releases":{"buster":{"fixed_version":"2.5.0-1","repositories":{"buster":"2.5.0-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.0-1","repositories":{"sid":"2.5.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9474":{"debianbug":772008,"scope":"remote","description":"Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.","releases":{"buster":{"fixed_version":"3.1.2-2","repositories":{"buster":"4.0.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.2-2","repositories":{"stretch":"3.1.5-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.2-2","repositories":{"jessie":"3.1.2-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.2-2","repositories":{"sid":"4.0.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4509":{"debianbug":729065,"scope":"local","description":"The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.","releases":{"buster":{"fixed_version":"1.5.0-1","repositories":{"buster":"1.5.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.0-1","repositories":{"stretch":"1.5.0-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.0-1","repositories":{"jessie":"1.5.0-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.0-1","repositories":{"sid":"1.5.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1628":{"debianbug":475227,"scope":"local","description":"Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"1.5.3-2.1","repositories":{"buster":"1:2.8.4-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.5.3-2.1","repositories":{"stretch":"1:2.6.7-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.5.3-2.1","repositories":{"jessie":"1:2.4-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.5.3-2.1","repositories":{"sid":"1:2.8.4-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-5186":{"debianbug":795457,"scope":"remote","description":"Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.","releases":{"buster":{"fixed_version":"1:2.4.4-1","repositories":{"buster":"1:2.8.4-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:2.4.4-1","repositories":{"stretch":"1:2.6.7-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1:2.4-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:2.4.4-1","repositories":{"sid":"1:2.8.4-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-0007":{"debianbug":411942,"scope":"local","description":"gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.","releases":{"buster":{"fixed_version":"2.0.5-1","repositories":{"buster":"1:3.4-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.5-1","repositories":{"stretch":"1:2.6.15-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.5-1","repositories":{"jessie":"1:2.6.4-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.5-1","repositories":{"sid":"1:3.4-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-3999":{"debianbug":603329,"scope":"local","description":"gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"2.2.9-10","repositories":{"buster":"1:3.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.9-10","repositories":{"stretch":"1:2.6.15-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.9-10","repositories":{"jessie":"1:2.6.4-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.9-10","repositories":{"sid":"1:3.4-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0370144-2CA0D8":{"debianbug":370144,"releases":{"buster":{"fixed_version":"1.7.0-2","repositories":{"buster":"31.0.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.0-2","repositories":{"stretch":"9.8.0-dmo1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.0-2","repositories":{"jessie":"7.3.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.0-2","repositories":{"sid":"31.0.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-4022":{"scope":"remote","description":"A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.","releases":{"buster":{"fixed_version":"28.2.0-1","repositories":{"buster":"31.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"9.8.0-dmo1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"7.3.0-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"28.2.0-1","repositories":{"sid":"31.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1127":{"debianbug":378640,"scope":"remote","description":"Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.","releases":{"stretch":{"fixed_version":"1.22-1","repositories":{"stretch":"1.36-3+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.22-1","repositories":{"jessie":"1.35-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.22-1","repositories":{"sid":"1.36-5.1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-5AF47F":{"releases":{"stretch":{"fixed_version":"1.21-1","repositories":{"stretch":"1.36-3+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.21-1","repositories":{"jessie":"1.35-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.21-1","repositories":{"sid":"1.36-5.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-12085":{"debianbug":901202,"scope":"remote","description":"Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.","releases":{"buster":{"fixed_version":"3.5.0-4","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-4","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17294":{"scope":"remote","description":"The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries.","releases":{"buster":{"fixed_version":"3.7.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.7.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13743":{"debianbug":874302,"scope":"remote","description":"There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-13744":{"debianbug":874302,"scope":"remote","description":"There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-13741":{"debianbug":874302,"scope":"remote","description":"There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-13742":{"debianbug":874302,"scope":"remote","description":"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11577":{"debianbug":900607,"scope":"remote","description":"Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.","releases":{"buster":{"fixed_version":"3.5.0-3","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-3","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13740":{"debianbug":874302,"scope":"remote","description":"There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15101":{"scope":"remote","description":"A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.8.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.9.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11683":{"scope":"remote","description":"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.","releases":{"buster":{"fixed_version":"3.5.0-3","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-3","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11684":{"scope":"remote","description":"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.","releases":{"buster":{"fixed_version":"3.5.0-3","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-3","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11685":{"scope":"remote","description":"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.","releases":{"buster":{"fixed_version":"3.5.0-3","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-3","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-13738":{"debianbug":874302,"scope":"remote","description":"There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11410":{"debianbug":899999,"scope":"remote","description":"An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"3.5.0-2","repositories":{"buster":"3.8.0-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u2","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.5.0-2","repositories":{"sid":"3.9.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8184":{"debianbug":880621,"releases":{"buster":{"fixed_version":"2.6.2-1","repositories":{"buster":"3.8.0-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.6.2-1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.5.3-3+deb8u1","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.6.2-1","repositories":{"sid":"3.9.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-13739":{"debianbug":874302,"scope":"remote","description":"There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.","releases":{"buster":{"fixed_version":"3.3.0-1","repositories":{"buster":"3.8.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u1","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.3.0-1","repositories":{"sid":"3.9.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11440":{"debianbug":900085,"scope":"remote","description":"Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.","releases":{"buster":{"fixed_version":"3.5.0-3","repositories":{"buster":"3.8.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.0-3+deb9u4","repositories":{"stretch":"3.0.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.3-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.5.0-3","repositories":{"sid":"3.9.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4168":{"debianbug":751834,"scope":"remote","description":"(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.","releases":{"buster":{"fixed_version":"0.6.0~rc1-19","repositories":{"buster":"0.7.0-9"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.0~rc1-19","repositories":{"stretch":"0.7.0-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.0~rc1-19","repositories":{"jessie":"0.7.0-3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.0~rc1-19","repositories":{"sid":"0.7.0-9"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-B446CF":{"releases":{"buster":{"fixed_version":"0.5.1","repositories":{"buster":"0.7.0-9"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.5.1","repositories":{"stretch":"0.7.0-7"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.5.1","repositories":{"jessie":"0.7.0-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.5.1","repositories":{"sid":"0.7.0-9"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-5537":{"debianbug":852029,"scope":"local","description":"Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.","releases":{"stretch":{"nodsa":"No details about affected code, backport of Netbeans 8.2 too intrusive","repositories":{"stretch":"8.1+dfsg3-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"10.0-1","repositories":{"sid":"10.0-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17191":{"scope":"remote","description":"Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.","releases":{"stretch":{"nodsa":"Nashorn module is not enabled. Javascript support is incomplete","repositories":{"stretch":"8.1+dfsg3-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"10.0-1","repositories":{"sid":"10.0-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"stretch":{"fixed_version":"3.1-2","repositories":{"stretch":"3.2.5-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1-2","repositories":{"jessie":"3.2.4-2.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1-2","repositories":{"sid":"3.2.5-1.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3385":{"debianbug":598307,"scope":"local","description":"TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"buster":{"fixed_version":"1.2-7","repositories":{"buster":"1.2-23"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2-7","repositories":{"stretch":"1.2-22"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2-7","repositories":{"jessie":"1.2-20"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2-7","repositories":{"sid":"1.2-23"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3250":{"debianbug":791957,"scope":"remote","description":"Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.","releases":{"buster":{"fixed_version":"1.0.0~M20-3","repositories":{"buster":"1.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0~M20-3","repositories":{"stretch":"1.0.0~M20-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0~M20-3","repositories":{"sid":"1.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4398":{"debianbug":439839,"scope":"remote","description":"Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.","releases":{"buster":{"fixed_version":"20070425-0.1","repositories":{"buster":"20180330-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"20070425-0.1","repositories":{"stretch":"20161006-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"20070425-0.1","repositories":{"jessie":"20140928-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"20070425-0.1","repositories":{"sid":"20190304-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-6524":{"scope":"remote","description":"The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.","releases":{"buster":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"buster":"5.15.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"stretch":"5.14.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"sid":"5.15.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4905":{"debianbug":655495,"scope":"remote","description":"Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.","releases":{"buster":{"fixed_version":"5.5.0+dfsg-5","repositories":{"buster":"5.15.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.5.0+dfsg-5","repositories":{"stretch":"5.14.3-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.5.0+dfsg-5","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.5.0+dfsg-5","repositories":{"sid":"5.15.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7559":{"debianbug":860866,"releases":{"buster":{"fixed_version":"5.14.3-3","repositories":{"buster":"5.15.8-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.14.3-3","repositories":{"stretch":"5.14.3-3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4+deb8u3","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"5.14.3-3","repositories":{"sid":"5.15.8-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-3088":{"scope":"remote","description":"The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.","releases":{"buster":{"fixed_version":"5.14.0+dfsg-1","repositories":{"buster":"5.15.8-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.14.0+dfsg-1","repositories":{"stretch":"5.14.3-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.14.0+dfsg-1","repositories":{"sid":"5.15.8-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3576":{"debianbug":792857,"scope":"remote","description":"The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.","releases":{"buster":{"fixed_version":"5.6.0+dfsg1-4+deb8u1","repositories":{"buster":"5.15.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.6.0+dfsg1-4+deb8u1","repositories":{"stretch":"5.14.3-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4+deb8u1","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.6.0+dfsg1-4+deb8u1","repositories":{"sid":"5.15.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3060":{"scope":"remote","description":"The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3600":{"debianbug":777196,"scope":"remote","description":"XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.","releases":{"buster":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"buster":"5.15.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"stretch":"5.14.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"sid":"5.15.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3612":{"debianbug":777196,"scope":"remote","description":"The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.","releases":{"buster":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"buster":"5.15.8-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"stretch":"5.14.3-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.6.0+dfsg1-4","repositories":{"sid":"5.15.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-0222":{"debianbug":925964,"scope":"remote","description":"In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.","releases":{"buster":{"repositories":{"buster":"5.15.8-2"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.14.3-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"5.15.8-2"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-0782":{"scope":"remote","description":"The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.","releases":{"buster":{"fixed_version":"5.13.2+dfsg-1","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.13.2+dfsg-1","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"5.13.2+dfsg-1","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0734":{"scope":"remote","description":"The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8110":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6092":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js.  NOTE: AMQ-4124 is covered by CVE-2012-6551.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11775":{"debianbug":908950,"scope":"remote","description":"TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.","releases":{"buster":{"fixed_version":"5.15.6-1","repositories":{"buster":"5.15.8-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.14.3-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.15.6-1","repositories":{"sid":"5.15.8-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1880":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6810":{"scope":"remote","description":"In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.","releases":{"buster":{"fixed_version":"5.14.2+dfsg-1","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.14.2+dfsg-1","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"5.14.2+dfsg-1","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15709":{"debianbug":890352,"scope":"remote","description":"When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.","releases":{"buster":{"fixed_version":"5.15.3-1","repositories":{"buster":"5.15.8-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.14.3-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.15.3-1","repositories":{"sid":"5.15.8-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1830":{"scope":"remote","description":"Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8006":{"scope":"remote","description":"An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.","releases":{"buster":{"repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-5254":{"debianbug":809733,"scope":"remote","description":"Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.","releases":{"buster":{"fixed_version":"5.13.2+dfsg-1","repositories":{"buster":"5.15.8-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.13.2+dfsg-1","repositories":{"stretch":"5.14.3-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.6.0+dfsg1-4+deb8u2","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.13.2+dfsg-1","repositories":{"sid":"5.15.8-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-6551":{"scope":"remote","description":"The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1879":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the \"cron of a message.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.15.8-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.14.3-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.6.0+dfsg1-4+deb8u3","jessie-security":"5.6.0+dfsg1-4+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.15.8-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0318":{"debianbug":855277,"scope":"local","description":"All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.","releases":{"stretch":{"fixed_version":"304.135-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"304.135-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"304.135-2","repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6249":{"debianbug":894338,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"high**","status":"open"}}}}
{"CVE-2016-7382":{"debianbug":846331,"scope":"local","description":"For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.","releases":{"stretch":{"fixed_version":"304.132-1","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.134-0~deb8u1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.132-1","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0310":{"debianbug":855277,"scope":"local","description":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.","releases":{"stretch":{"fixed_version":"304.135-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"304.135-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"304.135-2","repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0311":{"debianbug":855277,"scope":"local","description":"NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.","releases":{"stretch":{"fixed_version":"304.135-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.135-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.135-2","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7389":{"debianbug":846331,"scope":"local","description":"For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.28 contains a vulnerability in the kernel mode layer (nvidia.ko) handler for mmap() where improper input validation may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges.","releases":{"stretch":{"fixed_version":"304.132-1","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.134-0~deb8u1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.132-1","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-6260":{"debianbug":913467,"scope":"local","description":"NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"low**","status":"open"}}}}
{"CVE-2017-0350":{"debianbug":863515,"scope":"local","description":"All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"304.137-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6259":{"debianbug":869783,"scope":"remote","description":"NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"304.137-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0351":{"debianbug":863515,"scope":"local","description":"All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"304.137-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-0352":{"debianbug":863515,"scope":"local","description":"All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"304.137-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6257":{"debianbug":869783,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"304.137-7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8298":{"debianbug":772972,"scope":"remote","description":"The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.","releases":{"stretch":{"fixed_version":"304.125-1","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.125-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.125-1","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5950":{"debianbug":800566,"scope":"local","description":"The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call.","releases":{"stretch":{"fixed_version":"304.128-5","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"304.128-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"304.128-5","repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6272":{"debianbug":876414,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"high**","status":"open"}}}}
{"CVE-2017-0309":{"debianbug":855277,"scope":"local","description":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.","releases":{"stretch":{"fixed_version":"304.135-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.135-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.135-2","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7869":{"debianbug":805917,"scope":"local","description":"Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access.  NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows.","releases":{"stretch":{"fixed_version":"304.131-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Non-free not supported","fixed_version":"304.131-2","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"304.131-2","repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6253":{"debianbug":894338,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-0321":{"debianbug":855277,"scope":"local","description":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.","releases":{"stretch":{"fixed_version":"304.135-2","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"304.135-1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"304.135-2","repositories":{"sid":"304.137-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5715":{"debianbug":886532,"scope":"local","description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-6266":{"debianbug":876414,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-6267":{"debianbug":876414,"scope":"local","description":"NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-5753":{"debianbug":886852,"scope":"local","description":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-5754":{"debianbug":886852,"scope":"local","description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.","releases":{"stretch":{"nodsa":"Non-free not supported","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Non-free not supported","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"open"}}}}
{"CVE-2016-8826":{"debianbug":848195,"scope":"local","description":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) where a user can cause a GPU interrupt storm, leading to a denial of service.","releases":{"stretch":{"fixed_version":"304.134-1","repositories":{"stretch":"304.137-5~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"304.134-0~deb8u1","repositories":{"jessie":"304.137-0~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"304.134-1","repositories":{"sid":"304.137-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-0757":{"scope":"remote","description":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.8.7+md510+dhx1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.8.7+md510+dhx1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.8.1+md54+dhx2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.8.7+md510+dhx1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-0976":{"scope":"local","description":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default â\u20acœobjâ\u20ac??), aka 'NuGet Package Manager Tampering Vulnerability'.","releases":{"buster":{"repositories":{"buster":"2.8.7+md510+dhx1-1"},"urgency":"not yet assigned","status":"undetermined"},"stretch":{"repositories":{"stretch":"2.8.7+md510+dhx1-1"},"urgency":"not yet assigned","status":"undetermined"},"jessie":{"repositories":{"jessie":"2.8.1+md54+dhx2-1"},"urgency":"not yet assigned","status":"undetermined"},"sid":{"repositories":{"sid":"2.8.7+md510+dhx1-1"},"urgency":"not yet assigned","status":"undetermined"}}}}
{"CVE-2012-4570":{"scope":"remote","description":"SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.","releases":{"buster":{"fixed_version":"3.3.8-1","repositories":{"buster":"3.4.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.3.8-1","repositories":{"stretch":"3.4.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-1","repositories":{"jessie":"3.3.11-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.3.8-1","repositories":{"sid":"3.4.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4447":{"scope":"local","description":"X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.","releases":{"buster":{"fixed_version":"1.0.0-6","repositories":{"buster":"1.3.5-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.0-6","repositories":{"stretch":"1.3.5-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.0-6","repositories":{"jessie":"1.3.4-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.0-6","repositories":{"sid":"1.3.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5200":{"debianbug":447344,"scope":"local","description":"hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.","releases":{"buster":{"fixed_version":"0.6.1-1.1","repositories":{"buster":"2018.0.0+dfsg-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.1-1.1","repositories":{"stretch":"2016.2.0+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.1-1.1","repositories":{"jessie":"2014.0.0+dfsg-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.1-1.1","repositories":{"sid":"2018.0.0+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-14483":{"scope":"local","description":"flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"0.8.3+dfsg-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.0+dfsg-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.8.3+dfsg-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2001-1566":{"scope":"remote","description":"Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.","releases":{"buster":{"fixed_version":"0.0.2","repositories":{"buster":"0.0.10-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.0.2","repositories":{"stretch":"0.0.10-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.0.2","repositories":{"jessie":"0.0.10-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.0.2","repositories":{"sid":"0.0.10-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-3721":{"debianbug":890575,"scope":"remote","description":"lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects.","releases":{"buster":{"fixed_version":"4.17.11+dfsg-1","repositories":{"buster":"4.17.11+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"4.16.6+dfsg-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.1+dfsg-3"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"4.17.11+dfsg-1","repositories":{"sid":"4.17.11+dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16487":{"scope":"remote","description":"A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.","releases":{"buster":{"fixed_version":"4.17.11+dfsg-1","repositories":{"buster":"4.17.11+dfsg-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"4.16.6+dfsg-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.1+dfsg-3"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"4.17.11+dfsg-1","repositories":{"sid":"4.17.11+dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5723":{"scope":"local","description":"Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.7.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5560":{"scope":"local","description":"The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.20.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.16.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.2-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.20.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5237":{"scope":"remote","description":"protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.","releases":{"buster":{"repositories":{"buster":"3.6.1.3-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.0.0-9"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.6.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.6.1.3-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2012-0813":{"debianbug":652417,"scope":"local","description":"Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.","releases":{"buster":{"fixed_version":"1.7.1~b3-4","repositories":{"buster":"1.7.4+tb2-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.7.1~b3-4","repositories":{"stretch":"1.7.4+tb2-5~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.7.1~b3-4","repositories":{"jessie":"1.7.2.4-4.1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.7.1~b3-4","repositories":{"sid":"1.7.4+tb2-6"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0582798-329FE7":{"debianbug":582798,"releases":{"buster":{"fixed_version":"1.7.0+ds1-3","repositories":{"buster":"1.7.4+tb2-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.0+ds1-3","repositories":{"stretch":"1.7.4+tb2-5~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.0+ds1-3","repositories":{"jessie":"1.7.2.4-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.0+ds1-3","repositories":{"sid":"1.7.4+tb2-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0489":{"scope":"local","description":"The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.","releases":{"buster":{"fixed_version":"1.5.9-1","repositories":{"buster":"1.7.4+tb2-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.5.9-1","repositories":{"stretch":"1.7.4+tb2-5~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.5.9-1","repositories":{"jessie":"1.7.2.4-4.1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.5.9-1","repositories":{"sid":"1.7.4+tb2-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-2095":{"debianbug":668397,"scope":"local","description":"The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.","releases":{"buster":{"fixed_version":"1.7.2.4-1","repositories":{"buster":"1.7.4+tb2-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.2.4-1","repositories":{"stretch":"1.7.4+tb2-5~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.2.4-1","repositories":{"jessie":"1.7.2.4-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.2.4-1","repositories":{"sid":"1.7.4+tb2-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2096":{"debianbug":309196,"scope":"remote","description":"zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.","releases":{"buster":{"fixed_version":"0.10-6.1.1","repositories":{"buster":"0.16.1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.10-6.1.1","repositories":{"stretch":"0.16-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.10-6.1.1","repositories":{"jessie":"0.16~a2.git20130520-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.10-6.1.1","repositories":{"sid":"0.16.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1192":{"debianbug":774989,"scope":"remote","description":"Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.","releases":{"buster":{"fixed_version":"1.0b4+ds-14","repositories":{"buster":"1.0b4+ds-14"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0b4+ds-14","repositories":{"stretch":"1.0b4+ds-14"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"meant to be used as a local archiver","repositories":{"jessie":"1.0b4+ds-13.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.0b4+ds-14","repositories":{"sid":"1.0b4+ds-14"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2742":{"debianbug":633088,"scope":"remote","description":"Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.","releases":{"stretch":{"fixed_version":"0.4.11-10","repositories":{"stretch":"0.4.14-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4.11-10","repositories":{"jessie":"0.4.14-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2743":{"debianbug":633088,"scope":"remote","description":"Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.","releases":{"stretch":{"fixed_version":"0.4.11-10","repositories":{"stretch":"0.4.14-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.11-10","repositories":{"jessie":"0.4.14-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3818":{"debianbug":680059,"scope":"local","description":"The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.","releases":{"stretch":{"fixed_version":"0.4.13-1.2","repositories":{"stretch":"0.4.14-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.4.13-1.2","repositories":{"jessie":"0.4.14-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-1558":{"scope":"remote","description":"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.  NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.","releases":{"buster":{"fixed_version":"2.3.17-1","repositories":{"buster":"2.5.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.3.17-1","repositories":{"stretch":"2.4.12-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.3.17-1","repositories":{"jessie":"2.4.12-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.3.17-1","repositories":{"sid":"2.5.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5007":{"scope":"remote","description":"Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.","releases":{"buster":{"fixed_version":"2.3.20-1","repositories":{"buster":"2.5.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.20-1","repositories":{"stretch":"2.4.12-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.20-1","repositories":{"jessie":"2.4.12-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.20-1","repositories":{"sid":"2.5.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0167":{"scope":"remote","description":"Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.","releases":{"buster":{"fixed_version":"2.0.10","repositories":{"buster":"2.5.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.0.10","repositories":{"stretch":"2.4.12-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.0.10","repositories":{"jessie":"2.4.12-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.0.10","repositories":{"sid":"2.5.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1523":{"debianbug":629127,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.","releases":{"jessie":{"fixed_version":"3.2.3-3","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5027":{"scope":"remote","description":"The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.","releases":{"jessie":{"repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5028":{"debianbug":504894,"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.","releases":{"jessie":{"fixed_version":"3.0.6-1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-9566":{"scope":"local","description":"base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.  NOTE: this can be leveraged by remote attackers using CVE-2016-9565.","releases":{"jessie":{"fixed_version":"3.5.1.dfsg-2+deb8u1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10089":{"scope":"local","description":"Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-6373":{"scope":"remote","description":"Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, \"adaptive external commands,\" and \"writing newlines and submitting service comments.\"","releases":{"jessie":{"fixed_version":"3.0.6-3","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2477":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.","releases":{"jessie":{"fixed_version":"3.4.1-1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9565":{"scope":"remote","description":"MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.","releases":{"jessie":{"fixed_version":"3.5.1-1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-2179":{"debianbug":629127,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.","releases":{"jessie":{"fixed_version":"3.2.3-3","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2214":{"scope":"remote","description":"status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi.  NOTE: this behavior is by design in most 3.x versions, but the upstream vendor \"decided to change it for Nagios 4\" and 3.5.1.","releases":{"jessie":{"fixed_version":"3.4.1-4","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-7108":{"debianbug":771466,"scope":"remote","description":"Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.","releases":{"jessie":{"fixed_version":"3.5.1.dfsg-2+deb8u1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14312":{"scope":"local","description":"Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7107":{"scope":"remote","description":"Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"}}}}
{"CVE-2013-7205":{"debianbug":771466,"scope":"remote","description":"Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.","releases":{"jessie":{"fixed_version":"3.5.1.dfsg-2+deb8u1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4214":{"debianbug":719056,"scope":"local","description":"rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.","releases":{"jessie":{"fixed_version":"3.5.1-1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-18245":{"debianbug":917138,"scope":"remote","description":"Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.","releases":{"jessie":{"fixed_version":"3.5.1.dfsg-2+deb8u1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-1878":{"debianbug":823721,"scope":"remote","description":"Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.","releases":{"jessie":{"fixed_version":"3.5.1.dfsg-2+deb8u1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5803":{"debianbug":482445,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.","releases":{"jessie":{"fixed_version":"3.0.2-1","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8641":{"scope":"local","description":"A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6209":{"debianbug":831698,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Nagios.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2013-2029":{"scope":"local","description":"nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2288":{"scope":"remote","description":"statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.","releases":{"jessie":{"fixed_version":"3.0.6-5","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-6096":{"debianbug":697930,"scope":"remote","description":"Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.","releases":{"jessie":{"fixed_version":"3.4.1-3","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0726":{"scope":"remote","description":"The Fedora Nagios package uses \"nagiosadmin\" as the default password for the \"nagiosadmin\" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12847":{"scope":"local","description":"Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a \"kill `cat /pathname/nagios.lock`\" command.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.5.1.dfsg-2","jessie-security":"3.5.1.dfsg-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-18245":{"debianbug":917138,"scope":"remote","description":"Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.","releases":{"buster":{"fixed_version":"4.3.4-3","repositories":{"buster":"4.3.4-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.3.4-3","repositories":{"sid":"4.3.4-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-13458":{"debianbug":917160,"scope":"remote","description":"qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.","releases":{"buster":{"fixed_version":"4.3.4-3","repositories":{"buster":"4.3.4-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.4-3","repositories":{"sid":"4.3.4-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13457":{"debianbug":917160,"scope":"remote","description":"qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.","releases":{"buster":{"fixed_version":"4.3.4-3","repositories":{"buster":"4.3.4-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.4-3","repositories":{"sid":"4.3.4-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-13441":{"debianbug":917160,"scope":"local","description":"qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.","releases":{"buster":{"fixed_version":"4.3.4-3","repositories":{"buster":"4.3.4-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.4-3","repositories":{"sid":"4.3.4-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6172":{"debianbug":830808,"scope":"remote","description":"PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.","releases":{"buster":{"fixed_version":"4.0.1-1","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0.1-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u6","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.0.1-1","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15091":{"scope":"remote","description":"An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.","releases":{"buster":{"fixed_version":"4.0.5-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.3-1+deb9u2","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u8","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.5-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7068":{"scope":"remote","description":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u7","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0206":{"scope":"remote","description":"common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.","releases":{"buster":{"fixed_version":"3.0-1.1","repositories":{"buster":"4.1.6-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"3.0-1.1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"3.0-1.1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"3.0-1.1","repositories":{"sid":"4.1.6-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-5427":{"scope":"remote","description":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.","releases":{"buster":{"fixed_version":"4.0.0~alpha1-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.0~alpha1-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u6","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.0~alpha1-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4251":{"debianbug":398557,"scope":"remote","description":"Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.","releases":{"buster":{"fixed_version":"2.9.20-4","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.9.20-4","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.9.20-4","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.9.20-4","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5426":{"scope":"remote","description":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.","releases":{"buster":{"fixed_version":"4.0.0~alpha1-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.0~alpha1-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u6","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.0~alpha1-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4252":{"debianbug":398559,"scope":"remote","description":"PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14626":{"debianbug":913162,"scope":"remote","description":"PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.","releases":{"buster":{"fixed_version":"4.1.5-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.5-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5470":{"scope":"remote","description":"The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.","releases":{"buster":{"fixed_version":"3.4.5-1","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.4.5-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u2","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.4.5-1","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5230":{"releases":{"buster":{"fixed_version":"3.4.6-1","repositories":{"buster":"4.1.6-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.4.6-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u3","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.4.6-1","repositories":{"sid":"4.1.6-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-0038":{"scope":"remote","description":"The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.","releases":{"buster":{"fixed_version":"2.9.17-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.9.17-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.9.17-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.9.17-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5311":{"scope":"remote","description":"PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.","releases":{"buster":{"fixed_version":"3.4.7-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.7-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.4.7-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5277":{"scope":"remote","description":"PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.","releases":{"buster":{"fixed_version":"2.9.21.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.9.21.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.9.21.2-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.9.21.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7073":{"scope":"remote","description":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u7","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7074":{"scope":"remote","description":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u7","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1046":{"debianbug":898255,"scope":"remote","description":"pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.","releases":{"buster":{"fixed_version":"4.1.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0.3-1+deb9u3","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7072":{"scope":"remote","description":"An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u7","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3871":{"debianbug":924966,"scope":"remote","description":"A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response","releases":{"buster":{"fixed_version":"4.1.6-2","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.3-1+deb9u4","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u9","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.6-2","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2120":{"scope":"remote","description":"An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u7","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0428":{"scope":"remote","description":"The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.","releases":{"buster":{"fixed_version":"2.9.16-6","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.9.16-6","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.9.16-6","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.9.16-6","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10851":{"debianbug":913162,"scope":"remote","description":"PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.","releases":{"buster":{"fixed_version":"4.1.5-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.3-1+deb9u3","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.1.5-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7210":{"releases":{"buster":{"fixed_version":"3.3.1-1","repositories":{"buster":"4.1.6-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.3.1-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"3.3.1-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.3.1-1","repositories":{"sid":"4.1.6-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-3337":{"scope":"remote","description":"PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.","releases":{"buster":{"fixed_version":"2.9.21.1-1","repositories":{"buster":"4.1.6-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.9.21.1-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.9.21.1-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.9.21.1-1","repositories":{"sid":"4.1.6-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-1868":{"scope":"remote","description":"The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.","releases":{"buster":{"fixed_version":"3.4.4-1","repositories":{"buster":"4.1.6-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.4.4-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-4+deb8u1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.4.4-1","repositories":{"sid":"4.1.6-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-2301":{"debianbug":318798,"scope":"remote","description":"PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.","releases":{"buster":{"fixed_version":"2.9.18-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.9.18-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.9.18-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.9.18-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2302":{"debianbug":318798,"scope":"local","description":"PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion.","releases":{"buster":{"fixed_version":"2.9.18-1","repositories":{"buster":"4.1.6-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.9.18-1","repositories":{"stretch-security":"4.0.3-1+deb9u4","stretch":"4.0.3-1+deb9u4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.9.18-1","repositories":{"jessie":"3.4.1-4+deb8u8","jessie-security":"3.4.1-4+deb8u9"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.9.18-1","repositories":{"sid":"4.1.6-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-10073":{"debianbug":896195,"scope":"remote","description":"The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.","releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.1.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.1.5-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.3-2+deb8u1","repositories":{"jessie":"1.1.3-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.1.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16396":{"debianbug":911920,"scope":"remote","description":"An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u6","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17790":{"debianbug":884878,"scope":"remote","description":"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16395":{"debianbug":911918,"scope":"remote","description":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u6","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14064":{"debianbug":873906,"scope":"remote","description":"Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0898":{"debianbug":875936,"scope":"remote","description":"Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0899":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4975":{"scope":"remote","description":"Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.","releases":{"jessie":{"fixed_version":"2.1.3-1","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11465":{"scope":"remote","description":"The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2337":{"debianbug":851161,"scope":"remote","description":"Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u5","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2339":{"debianbug":851161,"scope":"remote","description":"An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8780":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-9096":{"debianbug":864860,"scope":"remote","description":"Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2336":{"scope":"remote","description":"Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-5147":{"debianbug":796344,"scope":"remote","description":"DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u3","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17742":{"scope":"remote","description":"Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1855":{"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u1","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-4020":{"scope":"remote","description":"RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7551":{"debianbug":796344,"scope":"local","description":"The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library.  NOTE: this vulnerability exists because of a CVE-2009-5147 regression.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u3","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8090":{"debianbug":770932,"scope":"remote","description":"The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.","releases":{"jessie":{"fixed_version":"2.1.5-1","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17405":{"debianbug":884437,"scope":"remote","description":"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0901":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8320":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u7","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0902":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0903":{"debianbug":879231,"scope":"remote","description":"RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-8322":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u7","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8321":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3916":{"scope":"remote","description":"The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.","releases":{"jessie":{"repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-7798":{"debianbug":842432,"scope":"remote","description":"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14033":{"debianbug":875928,"scope":"remote","description":"The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8324":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u7","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8323":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u7","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0900":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8325":{"debianbug":925987,"releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u7","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000079":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000077":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10784":{"debianbug":875931,"scope":"remote","description":"The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000078":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000075":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000076":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000073":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u5","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000074":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u5","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6181":{"scope":"remote","description":"The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3900":{"debianbug":790111,"scope":"remote","description":"RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u2","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8777":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6914":{"scope":"remote","description":"Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8080":{"scope":"remote","description":"The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.","releases":{"jessie":{"fixed_version":"2.1.4-1","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8778":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8779":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.","releases":{"jessie":{"fixed_version":"2.1.5-2+deb8u4","repositories":{"jessie":"2.1.5-2+deb8u3","jessie-security":"2.1.5-2+deb8u7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20806":{"debianbug":924731,"scope":"remote","description":"Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.6.5-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.6.2-1.2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.6.8-1"},"urgency":"low","status":"open"}}}}
{"CVE-2017-0378":{"debianbug":868988,"scope":"remote","description":"XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.6.5-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.6.2-1.2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.6.8-1","repositories":{"sid":"0.6.8-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2077":{"debianbug":368268,"scope":"remote","description":"Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors.  NOTE: this issue might be related to the OUSPG PROTOS DNS test suite.","releases":{"jessie":{"fixed_version":"1.2.4par-0.1","repositories":{"jessie":"1.2.9a-par-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1447":{"debianbug":490123,"scope":"remote","description":"The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"","releases":{"jessie":{"fixed_version":"1.2.6-par-11","repositories":{"jessie":"1.2.9a-par-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2076":{"debianbug":368268,"scope":"remote","description":"Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.","releases":{"jessie":{"fixed_version":"1.2.4par-0.1","repositories":{"jessie":"1.2.9a-par-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-4194":{"debianbug":500910,"scope":"remote","description":"The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a \"dangling pointer bug.\"","releases":{"jessie":{"fixed_version":"1.2.6-par-10","repositories":{"jessie":"1.2.9a-par-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0605160-28DAD2":{"debianbug":605150,"releases":{"jessie":{"fixed_version":"2.1.1-3.1","repositories":{"jessie":"2.1.1-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-5104":{"debianbug":825553,"scope":"remote","description":"The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.","releases":{"buster":{"fixed_version":"1.2.0+dfsg-3","repositories":{"buster":"1.2.1~git20181030.92c5462-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.0+dfsg-3","repositories":{"stretch":"1.2.0+dfsg-3.1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.1.6+dfsg-3.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.2.0+dfsg-3","repositories":{"sid":"1.2.1~git20181030.92c5462-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2142":{"debianbug":710885,"scope":"local","description":"userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.","releases":{"buster":{"fixed_version":"1.1.5-0.1","repositories":{"buster":"1.2.1~git20181030.92c5462-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.5-0.1","repositories":{"stretch":"1.2.0+dfsg-3.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.5-0.1","repositories":{"jessie":"1.1.6+dfsg-3.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.5-0.1","repositories":{"sid":"1.2.1~git20181030.92c5462-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16396":{"debianbug":911920,"scope":"remote","description":"An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.","releases":{"buster":{"fixed_version":"2.5.3-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.3-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8320":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-17790":{"debianbug":884878,"scope":"remote","description":"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.","releases":{"buster":{"fixed_version":"2.5.0-1","repositories":{"buster":"2.5.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.0-1","repositories":{"sid":"2.5.5-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-8322":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-16395":{"debianbug":911918,"scope":"remote","description":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","releases":{"buster":{"fixed_version":"2.5.3-1","repositories":{"buster":"2.5.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.3-1","repositories":{"sid":"2.5.5-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-8321":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8324":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8323":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8325":{"debianbug":925987,"releases":{"buster":{"fixed_version":"2.5.5-1","repositories":{"buster":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.5.5-1","repositories":{"sid":"2.5.5-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000079":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000077":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000078":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8780":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000075":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000076":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000073":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000074":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.","releases":{"buster":{"fixed_version":"2.5.0-5","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.0-5","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17742":{"scope":"remote","description":"Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8777":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6914":{"scope":"remote","description":"Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8778":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17405":{"debianbug":884437,"scope":"remote","description":"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.","releases":{"buster":{"fixed_version":"2.5.0~rc1-1","repositories":{"buster":"2.5.5-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.0~rc1-1","repositories":{"sid":"2.5.5-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8779":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.","releases":{"buster":{"fixed_version":"2.5.1-1","repositories":{"buster":"2.5.5-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.1-1","repositories":{"sid":"2.5.5-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0149799-ABFD7C":{"debianbug":149799,"releases":{"buster":{"fixed_version":"1.76-1","repositories":{"buster":"1.76-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.76-1","repositories":{"stretch":"1.76-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.76-1","repositories":{"jessie":"1.76-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.76-1","repositories":{"sid":"1.76-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-16396":{"debianbug":911920,"scope":"remote","description":"An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u4","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17790":{"debianbug":884878,"scope":"remote","description":"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16395":{"debianbug":911918,"scope":"remote","description":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u4","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14064":{"debianbug":873906,"scope":"remote","description":"Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0898":{"debianbug":875936,"scope":"remote","description":"Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u2","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0899":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-11465":{"scope":"remote","description":"The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2337":{"debianbug":851161,"scope":"remote","description":"Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.","releases":{"stretch":{"fixed_version":"2.3.0-1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2339":{"debianbug":851161,"scope":"remote","description":"An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.","releases":{"stretch":{"fixed_version":"2.3.0-1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-8780":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-9096":{"debianbug":864860,"scope":"remote","description":"Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2336":{"scope":"remote","description":"Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17742":{"scope":"remote","description":"Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17405":{"debianbug":884437,"scope":"remote","description":"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-0901":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8320":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0902":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-0903":{"debianbug":879231,"scope":"remote","description":"RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u2","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-8322":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8321":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-7798":{"debianbug":842432,"scope":"remote","description":"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14033":{"debianbug":875928,"scope":"remote","description":"The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u2","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8324":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-8323":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-0900":{"debianbug":873802,"scope":"remote","description":"RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u1","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-8325":{"debianbug":925987,"releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u6","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000079":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000077":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10784":{"debianbug":875931,"scope":"remote","description":"The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u2","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000078":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000075":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000076":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000073":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000074":{"debianbug":895778,"scope":"remote","description":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6181":{"scope":"remote","description":"The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8777":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6914":{"scope":"remote","description":"Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8778":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8779":{"scope":"remote","description":"In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.","releases":{"stretch":{"fixed_version":"2.3.3-1+deb9u3","repositories":{"stretch-security":"2.3.3-1+deb9u6","stretch":"2.3.3-1+deb9u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1996":{"debianbug":479036,"scope":"remote","description":"licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.","releases":{"jessie":{"fixed_version":"1.3.5-6","repositories":{"jessie":"1.8.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0363":{"scope":"remote","description":"Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers.","releases":{"jessie":{"fixed_version":"1.2-7-1","repositories":{"jessie":"1.8.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-2816":{"debianbug":875801,"scope":"remote","description":"An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.","releases":{"buster":{"fixed_version":"1:0.9.11-4","repositories":{"buster":"1:0.9.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.9.10-2+deb9u1","repositories":{"stretch":"1:0.9.10-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.9.10-1+deb8u1","repositories":{"jessie":"1:0.9.10-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.9.11-4","repositories":{"sid":"1:0.9.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14731":{"debianbug":877442,"scope":"remote","description":"ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.","releases":{"buster":{"fixed_version":"1:0.9.11-5","repositories":{"buster":"1:0.9.14-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:0.9.10-2+deb9u1","repositories":{"stretch":"1:0.9.10-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:0.9.10-1+deb8u1","repositories":{"jessie":"1:0.9.10-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:0.9.11-5","repositories":{"sid":"1:0.9.14-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9656":{"debianbug":924350,"scope":"remote","description":"An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.","releases":{"buster":{"repositories":{"buster":"1:0.9.14-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:0.9.10-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:0.9.10-1+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:0.9.14-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-6778":{"debianbug":921525,"scope":"local","description":"In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.2.1-1","repositories":{"buster":"0.2.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.2.1-1","repositories":{"sid":"0.2.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6720":{"debianbug":422021,"scope":"remote","description":"libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.","releases":{"buster":{"fixed_version":"1.2.8-1","repositories":{"buster":"1.2.12-15"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.8-1","repositories":{"stretch":"1.2.12-11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.8-1","repositories":{"jessie":"1.2.12-11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.8-1","repositories":{"sid":"1.2.12-15"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4108":{"debianbug":498899,"scope":"local","description":"Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file.  NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.","releases":{"buster":{"repositories":{"buster":"2.7.16-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.7.13-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.7.9-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.7.16-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-4955":{"debianbug":496373,"scope":"local","description":"freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files.  NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.","releases":{"jessie":{"repositories":{"jessie":"1.9.2b2-4.2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-5718":{"debianbug":448319,"scope":"local","description":"vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.","releases":{"buster":{"fixed_version":"1.0.2-1","repositories":{"buster":"1.2.0-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.2-1","repositories":{"stretch":"1.2.0-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.2-1","repositories":{"jessie":"1.2.0-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.2-1","repositories":{"sid":"1.2.0-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-3239":{"debianbug":790830,"scope":"local","description":"Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.","releases":{"buster":{"fixed_version":"7.0.0+r1-4","repositories":{"buster":"8.1.0+r23-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"7.0.0+r1-4","repositories":{"stretch":"7.0.0+r1-4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"7.0.0+r1-4","repositories":{"sid":"8.1.0+r23-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-9227":{"debianbug":863315,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.9.5-3.2+deb8u1","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9228":{"debianbug":863316,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.9.5-3.2+deb8u1","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9229":{"debianbug":863318,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.9.5-3.2+deb8u1","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9224":{"debianbug":863312,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.9.5-3.2+deb8u1","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9225":{"debianbug":863313,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9226":{"debianbug":863314,"scope":"remote","description":"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.","releases":{"buster":{"fixed_version":"6.1.3-2","repositories":{"buster":"6.9.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.1.3-2","repositories":{"stretch":"6.1.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.9.5-3.2+deb8u1","repositories":{"jessie":"5.9.5-3.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.1.3-2","repositories":{"sid":"6.9.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-0997":{"debianbug":621099,"scope":"remote","description":"dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.","releases":{"buster":{"fixed_version":"4.1.1-P1-16.1","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-P1-16.1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-P1-16.1","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.1-P1-16.1","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4244":{"debianbug":693015,"scope":"remote","description":"ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5733":{"debianbug":891785,"scope":"remote","description":"A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.","releases":{"buster":{"fixed_version":"4.3.5-3.1","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.5-3+deb9u1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.1-6+deb8u3","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.5-3.1","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0413":{"debianbug":611217,"scope":"remote","description":"The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.","releases":{"buster":{"fixed_version":"4.1.1-P1-16","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-P1-16","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-P1-16","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.1-P1-16","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8605":{"debianbug":810875,"scope":"remote","description":"ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.","releases":{"buster":{"fixed_version":"4.3.3-7","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.3-7","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.1-6+deb8u2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.3-7","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5732":{"debianbug":891786,"releases":{"buster":{"fixed_version":"4.3.5-3.1","repositories":{"buster":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.3.5-3+deb9u1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.3.1-6+deb8u3","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.3.5-3.1","repositories":{"sid":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-4539":{"debianbug":652259,"scope":"remote","description":"dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.","releases":{"buster":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"buster":"4.4.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"sid":"4.4.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-6470":{"debianbug":896122,"releases":{"buster":{"fixed_version":"4.4.1-2","repositories":{"buster":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"nodsa":"Issue triggerable only when build against bind >= 9.11.3","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Issue triggerable only when build against bind >= 9.11.3","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"not yet assigned","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.4.1-2","repositories":{"sid":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-2248":{"debianbug":690532,"releases":{"buster":{"fixed_version":"4.2.4-3","repositories":{"buster":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.2.4-3","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.2.4-3","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.2.4-3","repositories":{"sid":"4.4.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2012-3955":{"scope":"remote","description":"ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.","releases":{"buster":{"fixed_version":"4.2.4-2","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-2","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.4-2","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3954":{"debianbug":686174,"scope":"remote","description":"Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.","releases":{"buster":{"fixed_version":"4.2.4-2","repositories":{"buster":"4.4.1-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-2","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.2.4-2","repositories":{"sid":"4.4.1-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-2494":{"debianbug":704426,"scope":"remote","description":"libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.","releases":{"buster":{"fixed_version":"4.2.4-6","repositories":{"buster":"4.4.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2.4-6","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2.4-6","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2.4-6","repositories":{"sid":"4.4.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3817":{"debianbug":683259,"scope":"remote","description":"ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2156":{"scope":"remote","description":"ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.","releases":{"buster":{"fixed_version":"4.1.1-P1-1","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-P1-1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-P1-1","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.1-P1-1","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3144":{"debianbug":887413,"scope":"remote","description":"A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.","releases":{"buster":{"fixed_version":"4.3.5-3.1","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.5-3+deb9u1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.1-6+deb8u3","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.5-3.1","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2774":{"debianbug":817158,"scope":"remote","description":"ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.","releases":{"buster":{"fixed_version":"4.3.4-1","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.3.4-1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.3.4-1","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-2D8F93":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3571":{"debianbug":686174,"scope":"remote","description":"ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.","releases":{"buster":{"fixed_version":"4.2.4-2","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-2","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.4-2","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3570":{"debianbug":686174,"scope":"remote","description":"Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.","releases":{"buster":{"fixed_version":"4.2.4-2","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.4-2","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.4-2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.4-2","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2749":{"debianbug":638404,"scope":"remote","description":"The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4868":{"debianbug":655746,"scope":"remote","description":"The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.","releases":{"buster":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"buster":"4.4.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2.2.dfsg.1-5","repositories":{"sid":"4.4.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5688":{"debianbug":695192,"scope":"remote","description":"ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2748":{"debianbug":638404,"scope":"remote","description":"The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.4.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.4.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5689":{"debianbug":699145,"scope":"remote","description":"ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1667":{"scope":"remote","description":"ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3868":{"scope":"remote","description":"Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1892":{"debianbug":539492,"scope":"remote","description":"dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.","releases":{"buster":{"fixed_version":"3.1.2p1-2","repositories":{"buster":"4.4.1-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.1.2p1-2","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.2p1-2","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.1.2p1-2","repositories":{"sid":"4.4.1-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3616":{"scope":"remote","description":"ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5166":{"debianbug":690118,"scope":"remote","description":"ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.4.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.4.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-3611":{"scope":"remote","description":"ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.","releases":{"buster":{"fixed_version":"4.1.1-P1-14","repositories":{"buster":"4.4.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-P1-14","repositories":{"stretch-security":"4.3.5-3+deb9u1","stretch":"4.3.5-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-P1-14","repositories":{"jessie":"4.3.1-6+deb8u3","jessie-security":"4.3.1-6+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.1-P1-14","repositories":{"sid":"4.4.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0560087-F084E6":{"debianbug":560087,"releases":{"buster":{"fixed_version":"1.07-17","repositories":{"buster":"1.07-20"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.07-17","repositories":{"stretch":"1.07-20"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.07-17","repositories":{"jessie":"1.07-19"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.07-17","repositories":{"sid":"1.07-20"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19869":{"scope":"remote","description":"An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.","releases":{"buster":{"fixed_version":"5.11.3-2","repositories":{"buster":"5.11.3-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"5.7.1~20161021-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.3.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.11.3-2","repositories":{"sid":"5.11.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-11371":{"scope":"remote","description":"BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.","releases":{"buster":{"repositories":{"buster":"0.7.17-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.7.15-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.7.10-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.7.17-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-10269":{"debianbug":926014,"scope":"remote","description":"BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.","releases":{"buster":{"fixed_version":"0.7.17-3","repositories":{"buster":"0.7.17-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.7.15-2+deb9u1","repositories":{"stretch":"0.7.15-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.10-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.7.17-3","repositories":{"sid":"0.7.17-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3287":{"scope":"remote","description":"lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"1.7.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch":"1.6.3-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.3.1-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"1.7.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-9059":{"debianbug":863671,"scope":"remote","description":"picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.","releases":{"buster":{"fixed_version":"1.7-2","repositories":{"buster":"3.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7-2","repositories":{"stretch":"1.7-2"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.7-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.7-2","repositories":{"sid":"3.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0390":{"scope":"local","description":"Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.","releases":{"buster":{"fixed_version":"3.19","repositories":{"buster":"3.19-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.19","repositories":{"stretch":"3.19-1.3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.19","repositories":{"jessie":"3.19-1.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.19","repositories":{"sid":"3.19-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17057":{"debianbug":908866,"scope":"remote","description":"An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.2.12+dfsg2-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"6.0.093+dfsg-1+deb8u1"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"6.2.26+dfsg-1","repositories":{"sid":"6.2.26+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-6100":{"debianbug":814030,"scope":"remote","description":"tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.","releases":{"stretch":{"fixed_version":"6.2.12+dfsg2-1","repositories":{"stretch":"6.2.12+dfsg2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.0.093+dfsg-1+deb8u1","repositories":{"jessie":"6.0.093+dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.2.12+dfsg2-1","repositories":{"sid":"6.2.26+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-D91305":{"releases":{"stretch":{"fixed_version":"6.0.010+dfsg-1","repositories":{"stretch":"6.2.12+dfsg2-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"6.0.010+dfsg-1","repositories":{"jessie":"6.0.093+dfsg-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"6.0.010+dfsg-1","repositories":{"sid":"6.2.26+dfsg-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-1951":{"scope":"remote","description":"Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.","releases":{"buster":{"fixed_version":"2:4.12-1","repositories":{"buster":"2:4.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.12-1","repositories":{"stretch":"2:4.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","fixed_version":"2:4.12-1+debu8u1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"high**","nodsa_reason":"","status":"resolved"},"sid":{"fixed_version":"2:4.12-1","repositories":{"sid":"2:4.20-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-583651":{"releases":{"buster":{"fixed_version":"2:4.12-1","repositories":{"buster":"2:4.20-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:4.12-1","repositories":{"stretch":"2:4.12-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:4.12-1+debu8u1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2:4.12-1","repositories":{"sid":"2:4.20-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7183":{"scope":"remote","description":"Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"2:4.10.10-1","repositories":{"buster":"2:4.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.10.10-1","repositories":{"stretch":"2:4.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.10.7-1+deb8u1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.10.10-1","repositories":{"sid":"2:4.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2463":{"scope":"remote","description":"Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.","releases":{"buster":{"fixed_version":"4.8.2-1","repositories":{"buster":"2:4.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2-1","repositories":{"stretch":"2:4.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.8.2-1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2-1","repositories":{"sid":"2:4.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0689":{"debianbug":559265,"scope":"remote","description":"Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.","releases":{"buster":{"fixed_version":"4.8-2","repositories":{"buster":"2:4.20-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8-2","repositories":{"stretch":"2:4.12-6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.8-2","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8-2","repositories":{"sid":"2:4.20-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-5607":{"scope":"remote","description":"Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.","releases":{"buster":{"fixed_version":"2:4.10.2-1","repositories":{"buster":"2:4.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.10.2-1","repositories":{"stretch":"2:4.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.10.2-1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.10.2-1","repositories":{"sid":"2:4.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1545":{"scope":"remote","description":"Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.","releases":{"buster":{"fixed_version":"2:4.10.6-1","repositories":{"buster":"2:4.20-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:4.10.6-1","repositories":{"stretch":"2:4.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2:4.10.6-1","repositories":{"jessie":"2:4.12-1+debu8u1","jessie-security":"2:4.12-1+debu8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:4.10.6-1","repositories":{"sid":"2:4.20-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1755":{"scope":"remote","description":"jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.","releases":{"buster":{"fixed_version":"2.2.8-2.1","repositories":{"buster":"2.7.0-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.2.8-2.1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.2.8-2.1","repositories":{"sid":"2.7.0-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-10807":{"debianbug":867032,"scope":"remote","description":"JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.","releases":{"buster":{"fixed_version":"2.6.1-1","repositories":{"buster":"2.7.0-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-3+deb9u1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.1-1","repositories":{"sid":"2.7.0-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-18225":{"scope":"local","description":"The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.7.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.7.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-18226":{"debianbug":902783,"scope":"local","description":"The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a \"kill -TERM `cat /var/run/jabber/filename.pid`\" command.","releases":{"buster":{"nodsa":"Minor issue, default init system not affected","repositories":{"buster":"2.7.0-1"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue, default init system not affected","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.7.0-1"},"urgency":"low","status":"open"}}}}
{"CVE-2012-3525":{"debianbug":685666,"scope":"remote","description":"s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.","releases":{"buster":{"fixed_version":"2.2.17-1","repositories":{"buster":"2.7.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.17-1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.17-1","repositories":{"sid":"2.7.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1329":{"debianbug":357874,"scope":"remote","description":"The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".","releases":{"buster":{"fixed_version":"2.0s11-1","repositories":{"buster":"2.7.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0s11-1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0s11-1","repositories":{"sid":"2.7.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2058":{"debianbug":779154,"scope":"remote","description":"c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.","releases":{"buster":{"fixed_version":"2.3.3-1","repositories":{"buster":"2.7.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3.3-1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.3.3-1","repositories":{"sid":"2.7.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6171":{"debianbug":830809,"scope":"remote","description":"Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.","releases":{"buster":{"fixed_version":"2.3.0-1","repositories":{"buster":"2.7.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.3.0-1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.6.0-1+deb8u1","jessie-security":"1.6.0-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.3.0-1","repositories":{"sid":"2.7.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11104":{"debianbug":865678,"scope":"remote","description":"Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.","releases":{"buster":{"fixed_version":"2.5.3-1","repositories":{"buster":"2.7.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-3+deb9u1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.0-1+deb8u1","repositories":{"jessie":"1.6.0-1+deb8u1","jessie-security":"1.6.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.5.3-1","repositories":{"sid":"2.7.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0486":{"scope":"remote","description":"Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.","releases":{"buster":{"fixed_version":"1.5.2-1","repositories":{"buster":"2.7.6-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.2-1","repositories":{"stretch-security":"2.4.0-3+deb9u1","stretch":"2.4.0-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.2-1","repositories":{"jessie":"1.6.0-1+deb8u1","jessie-security":"1.6.0-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.2-1","repositories":{"sid":"2.7.6-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1090":{"scope":"remote","description":"Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.","releases":{"buster":{"fixed_version":"0.8.11-1","repositories":{"buster":"1.0.6-4.3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.11-1","repositories":{"stretch":"1.0.6-4.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.8.11-1","repositories":{"jessie":"1.0.6-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.11-1","repositories":{"sid":"1.0.6-4.3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-1194":{"debianbug":311191,"scope":"remote","description":"The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.","releases":{"buster":{"fixed_version":"1.0.4-2","repositories":{"buster":"1.0.6-4.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4-2","repositories":{"stretch":"1.0.6-4.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.4-2","repositories":{"jessie":"1.0.6-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-2","repositories":{"sid":"1.0.6-4.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1192":{"debianbug":572960,"scope":"remote","description":"libESMTP, probably 1.0.4 and earlier, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"1.0.4-5","repositories":{"buster":"1.0.6-4.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.4-5","repositories":{"stretch":"1.0.6-4.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.4-5","repositories":{"jessie":"1.0.6-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-5","repositories":{"sid":"1.0.6-4.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15161":{"scope":"remote","description":"** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.","releases":{"buster":{"repositories":{"buster":"20181229-3"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"20170121-2"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"20181229-3"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-15160":{"scope":"remote","description":"** DISPUTED ** The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.","releases":{"buster":{"repositories":{"buster":"20181229-3"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"20170121-2"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"20181229-3"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-15159":{"scope":"remote","description":"** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.","releases":{"buster":{"repositories":{"buster":"20181229-3"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"20170121-2"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"20181229-3"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2018-15158":{"scope":"remote","description":"** DISPUTED ** The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments.","releases":{"buster":{"repositories":{"buster":"20181229-3"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch":"20170121-2"},"urgency":"medium**","status":"undetermined"},"sid":{"repositories":{"sid":"20181229-3"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2014-8991":{"debianbug":725847,"scope":"local","description":"pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.","releases":{"buster":{"fixed_version":"1.5.6-4","repositories":{"buster":"18.1-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.5.6-4","repositories":{"stretch":"9.0.1-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.5.6-4","repositories":{"jessie":"1.5.6-5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.5.6-4","repositories":{"sid":"18.1-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-5123":{"releases":{"buster":{"fixed_version":"1.4.1-1","repositories":{"buster":"18.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.4.1-1","repositories":{"stretch":"9.0.1-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.5.6-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.1-1","repositories":{"sid":"18.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1629":{"debianbug":710163,"scope":"remote","description":"pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a \"pip install\" operation.","releases":{"buster":{"fixed_version":"1.3.1-1","repositories":{"buster":"18.1-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.1-1","repositories":{"stretch":"9.0.1-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.1-1","repositories":{"jessie":"1.5.6-5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.1-1","repositories":{"sid":"18.1-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1888":{"scope":"local","description":"pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"18.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"9.0.1-2+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.6-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"18.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11189":{"scope":"remote","description":"unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application.","releases":{"buster":{"repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"open"}}}}
{"TEMP-0000000-DEED53":{"releases":{"buster":{"fixed_version":"1:0.0.1-2","repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:0.0.1-2","repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:0.0.1-2","repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:0.0.1-2","repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-14122":{"debianbug":874060,"scope":"remote","description":"unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.","releases":{"buster":{"fixed_version":"1:0.0.1+cvs20140707-4","repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:0.0.1+cvs20140707-4","repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14121":{"debianbug":874061,"scope":"remote","description":"The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.","releases":{"buster":{"fixed_version":"1:0.0.1+cvs20140707-4","repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:0.0.1+cvs20140707-4","repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14120":{"debianbug":874059,"scope":"remote","description":"unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.","releases":{"buster":{"fixed_version":"1:0.0.1+cvs20140707-2","repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:0.0.1+cvs20140707-2","repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11190":{"scope":"remote","description":"unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.","releases":{"buster":{"repositories":{"buster":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:0.0.1+cvs20140707-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:0.0.1+cvs20140707-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1833":{"scope":"local","description":"Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2008-5188":{"scope":"local","description":"The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.","releases":{"stretch":{"fixed_version":"66-1","repositories":{"stretch":"111-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"66-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"66-1","repositories":{"sid":"111-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1832":{"scope":"local","description":"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8946":{"scope":"local","description":"ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.","releases":{"stretch":{"fixed_version":"111-1","repositories":{"stretch":"111-4"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"111-1","repositories":{"sid":"111-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-1831":{"scope":"local","description":"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1837":{"scope":"local","description":"The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-1836":{"scope":"local","description":"utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1835":{"scope":"local","description":"The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1834":{"scope":"local","description":"utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-6224":{"scope":"local","description":"ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"111-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"111-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3409":{"debianbug":682220,"releases":{"stretch":{"fixed_version":"99-1","repositories":{"stretch":"111-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"99-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"99-1","repositories":{"sid":"111-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-1572":{"scope":"local","description":"mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.","releases":{"stretch":{"fixed_version":"106-2","repositories":{"stretch":"111-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"103-5+deb8u1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"106-2","repositories":{"sid":"111-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3145":{"scope":"remote","description":"When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.","releases":{"stretch":{"fixed_version":"92-1","repositories":{"stretch":"111-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"92-1","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"92-1","repositories":{"sid":"111-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9687":{"debianbug":780385,"scope":"remote","description":"eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.","releases":{"stretch":{"fixed_version":"103-4","repositories":{"stretch":"111-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"103-4","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"103-4","repositories":{"sid":"111-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1296":{"debianbug":532372,"scope":"local","description":"The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root.","releases":{"stretch":{"fixed_version":"75-2","repositories":{"stretch":"111-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"75-2","repositories":{"jessie":"103-5+deb8u1","jessie-security":"103-5+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"75-2","repositories":{"sid":"111-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6384":{"debianbug":730227,"scope":"local","description":"(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.","releases":{"buster":{"fixed_version":"2013.2-4","repositories":{"buster":"1:11.0.1-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2013.2-4","repositories":{"stretch":"1:7.0.1-5"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2013.2-4","repositories":{"jessie":"2014.1.3-6"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2013.2-4","repositories":{"sid":"1:11.0.1-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4615":{"scope":"remote","description":"The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).","releases":{"buster":{"fixed_version":"2014.1.2-1","repositories":{"buster":"1:11.0.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2014.1.2-1","repositories":{"stretch":"1:7.0.1-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2014.1.2-1","repositories":{"jessie":"2014.1.3-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2014.1.2-1","repositories":{"sid":"1:11.0.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3830":{"debianbug":925298,"scope":"remote","description":"A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.","releases":{"buster":{"fixed_version":"1:11.0.1-5","repositories":{"buster":"1:11.0.1-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:7.0.1-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2014.1.3-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:11.0.1-5","repositories":{"sid":"1:11.0.1-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0896":{"scope":"remote","description":"The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same \"watchfor\" expression do not occur after the throttle period, which could allow attackers to avoid detection.","releases":{"buster":{"fixed_version":"3.0.4-1","repositories":{"buster":"3.2.4-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.4-1","repositories":{"stretch":"3.2.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.4-1","repositories":{"jessie":"3.2.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.4-1","repositories":{"sid":"3.2.4-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0173":{"scope":"local","description":"xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.","releases":{"buster":{"fixed_version":"2.2.8-1","repositories":{"buster":"3.1.6+nmu2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.2.8-1","repositories":{"stretch":"3.1.6+nmu2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.8-1","repositories":{"jessie":"3.1.4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.2.8-1","repositories":{"sid":"3.1.6+nmu2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-2654":{"debianbug":417894,"scope":"local","description":"xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.","releases":{"buster":{"fixed_version":"2.2.45-1","repositories":{"buster":"3.1.6+nmu2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.45-1","repositories":{"stretch":"3.1.6+nmu2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.45-1","repositories":{"jessie":"3.1.4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.45-1","repositories":{"sid":"3.1.6+nmu2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2232":{"debianbug":490921,"scope":"local","description":"The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.","releases":{"buster":{"fixed_version":"0.2-3","repositories":{"buster":"0.4.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.2-3","repositories":{"stretch":"0.4.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.2-3","repositories":{"jessie":"0.4.1-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.2-3","repositories":{"sid":"0.4.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-6303":{"debianbug":695614,"scope":"remote","description":"Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.","releases":{"buster":{"fixed_version":"2.2.10-dfsg1-12.1","repositories":{"buster":"2.2.10.20090623-dfsg-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.10-dfsg1-12.1","repositories":{"stretch":"2.2.10.20090623-dfsg-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.10-dfsg1-12.1","repositories":{"jessie":"2.2.10.20090623-dfsg-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.10-dfsg1-12.1","repositories":{"sid":"2.2.10.20090623-dfsg-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-5244":{"debianbug":407010,"scope":"remote","description":"Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad.  NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.","releases":{"buster":{"fixed_version":"1.0~rc2-20","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-20","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-20","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1311":{"scope":"remote","description":"Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.0~pre6a-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~pre6a-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~pre6a-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1310":{"scope":"remote","description":"Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.","releases":{"buster":{"fixed_version":"1.0~pre6a-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~pre6a-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~pre6a-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0386":{"scope":"remote","description":"Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.","releases":{"buster":{"fixed_version":"1.0~pre6a-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~pre6a-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~pre6a-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4610":{"debianbug":407010,"scope":"remote","description":"MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.","releases":{"buster":{"fixed_version":"1.0~rc2-20","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-20","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-20","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-C0C622":{"releases":{"buster":{"fixed_version":"1.0~rc1-12","repositories":{"buster":"2:1.3.0-8"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-12","repositories":{"stretch":"2:1.3.0-6"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-12","repositories":{"sid":"2:1.3.0-8"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-3625":{"debianbug":645987,"scope":"remote","description":"Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.","releases":{"buster":{"fixed_version":"2:1.0~rc4.dfsg1+svn33713-2","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2:1.0~rc4.dfsg1+svn33713-2","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:1.0~rc4.dfsg1+svn33713-2","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0630":{"debianbug":464532,"scope":"remote","description":"Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.","releases":{"buster":{"fixed_version":"1.0~rc2-8","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-8","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-8","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-0579":{"scope":"remote","description":"Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-2948":{"scope":"remote","description":"Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.","releases":{"buster":{"fixed_version":"1.0~rc1-14","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-14","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-14","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-4352":{"debianbug":823723,"scope":"remote","description":"Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.","releases":{"buster":{"fixed_version":"2:1.3.0-2","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:1.3.0-2","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:1.3.0-2","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6934":{"scope":"remote","description":"The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-6933":{"scope":"remote","description":"The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.","releases":{"buster":{"fixed_version":"2:1.1.1+svn37434-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.1.1+svn37434-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:1.1.1+svn37434-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-6172":{"debianbug":401740,"scope":"remote","description":"Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.","releases":{"buster":{"fixed_version":"1.0~rc1-11","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-11","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-11","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-3827":{"debianbug":500683,"scope":"remote","description":"Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.","releases":{"buster":{"fixed_version":"1.0~rc2-18","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-18","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-18","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-6718":{"debianbug":407010,"scope":"remote","description":"MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.  NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.","releases":{"buster":{"fixed_version":"1.0~rc3+svn20100502-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0~rc3+svn20100502-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0~rc3+svn20100502-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-1246":{"debianbug":414072,"scope":"remote","description":"The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.","releases":{"buster":{"fixed_version":"1.0~rc1-13","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-13","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-13","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0000000-B138FB":{"releases":{"buster":{"fixed_version":"1.0~rc1-12","repositories":{"buster":"2:1.3.0-8"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-12","repositories":{"stretch":"2:1.3.0-6"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-12","repositories":{"sid":"2:1.3.0-8"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-1195":{"scope":"remote","description":"Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1188":{"scope":"remote","description":"The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4938":{"debianbug":443478,"scope":"remote","description":"Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.","releases":{"buster":{"fixed_version":"1.0~rc1-16.1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-16.1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-16.1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4048":{"debianbug":342207,"scope":"remote","description":"Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0433":{"scope":"remote","description":"Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.","releases":{"buster":{"fixed_version":"1.0~pre6a-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~pre6a-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~pre6a-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1309":{"scope":"remote","description":"Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.","releases":{"buster":{"fixed_version":"1.0~pre6a-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~pre6a-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~pre6a-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-0486":{"debianbug":464060,"scope":"remote","description":"Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1.0~rc2-8","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-8","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-8","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2062":{"debianbug":581245,"scope":"remote","description":"Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.","releases":{"buster":{"fixed_version":"2:1.0~rc3+svn20100502-3","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2:1.0~rc3+svn20100502-3","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2:1.0~rc3+svn20100502-3","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0659":{"scope":"remote","description":"Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0485":{"debianbug":464060,"scope":"remote","description":"Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.","releases":{"buster":{"fixed_version":"1.0~rc2-8","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-8","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-8","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4800":{"debianbug":401304,"scope":"remote","description":"Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.  NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.","releases":{"buster":{"fixed_version":"1.0~rc1-1","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-1","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-1","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0385":{"debianbug":524799,"scope":"remote","description":"Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"1.0~rc2-14","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-14","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-14","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-1558":{"debianbug":473056,"scope":"remote","description":"Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter.  NOTE: this issue has been referred to as an integer overflow.","releases":{"buster":{"fixed_version":"1.0~rc2-10","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-10","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-10","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-4866":{"debianbug":504977,"scope":"remote","description":"Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.","releases":{"buster":{"fixed_version":"1.0~rc2-14","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-14","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-14","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-4867":{"debianbug":504977,"scope":"remote","description":"Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.","releases":{"buster":{"fixed_version":"1.0~rc2-14","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-14","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-14","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5616":{"debianbug":508803,"scope":"remote","description":"Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.","releases":{"buster":{"fixed_version":"1.0~rc2-19","repositories":{"buster":"2:1.3.0-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-19","repositories":{"stretch":"2:1.3.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-19","repositories":{"sid":"2:1.3.0-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4868":{"scope":"remote","description":"Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free \"on random pointers.\"","releases":{"buster":{"fixed_version":"1.0~rc2-14","repositories":{"buster":"2:1.3.0-8"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-14","repositories":{"stretch":"2:1.3.0-6"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-14","repositories":{"sid":"2:1.3.0-8"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-1387":{"debianbug":414072,"scope":"remote","description":"The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.","releases":{"buster":{"fixed_version":"1.0~rc1-13","repositories":{"buster":"2:1.3.0-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0~rc1-13","repositories":{"stretch":"2:1.3.0-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0~rc1-13","repositories":{"sid":"2:1.3.0-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-1187":{"scope":"remote","description":"Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2:1.3.0-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2:1.3.0-8"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0629":{"debianbug":464533,"scope":"remote","description":"Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.","releases":{"buster":{"fixed_version":"1.0~rc2-8","repositories":{"buster":"2:1.3.0-8"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0~rc2-8","repositories":{"stretch":"2:1.3.0-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0~rc2-8","repositories":{"sid":"2:1.3.0-8"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-3522":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.0.8.11-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.0.8.11-2.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.8.11-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.0.8.11-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-3521":{"debianbug":685324,"scope":"remote","description":"Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.","releases":{"buster":{"fixed_version":"1.0.8.4-2","repositories":{"buster":"1.0.8.11-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.8.4-2","repositories":{"stretch":"1.0.8.11-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.8.4-2","repositories":{"jessie":"1.0.8.11-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.8.4-2","repositories":{"sid":"1.0.8.11-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-5185":{"scope":"remote","description":"The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using \"<\".","releases":{"buster":{"fixed_version":"1.0.8.1-1","repositories":{"buster":"1.0.8.11-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.8.1-1","repositories":{"stretch":"1.0.8.11-2.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.8.1-1","repositories":{"jessie":"1.0.8.11-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.8.1-1","repositories":{"sid":"1.0.8.11-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-5186":{"debianbug":504445,"scope":"remote","description":"** DISPUTED **  The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable).  NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path.","releases":{"buster":{"fixed_version":"1.0.8.1-1","repositories":{"buster":"1.0.8.11-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.8.1-1","repositories":{"stretch":"1.0.8.11-2.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.8.1-1","repositories":{"jessie":"1.0.8.11-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.8.1-1","repositories":{"sid":"1.0.8.11-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-13666":{"scope":"local","description":"An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-13135":{"scope":"remote","description":"A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.","releases":{"buster":{"fixed_version":"2.6-3","repositories":{"buster":"2.9-4"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.1-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.6-3","repositories":{"sid":"2.9-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8906":{"scope":"remote","description":"An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.9-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.1-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.9-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9970":{"scope":"remote","description":"jasypt before 1.9.2 allows a timing attack against the password hash comparison.","releases":{"buster":{"fixed_version":"1.9.2-1","repositories":{"buster":"1.9.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.2-1","repositories":{"stretch":"1.9.2-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.8-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.9.2-1","repositories":{"sid":"1.9.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6410":{"debianbug":856889,"scope":"remote","description":"kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.","releases":{"buster":{"fixed_version":"5.28.0-2","repositories":{"buster":"5.54.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.28.0-2","repositories":{"stretch":"5.28.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.28.0-2","repositories":{"sid":"5.54.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0130":{"scope":"remote","description":"Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.","releases":{"buster":{"fixed_version":"0.15-3","repositories":{"buster":"1.7.5-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.15-3","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.15-3","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.15-3","repositories":{"sid":"1.7.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8483":{"debianbug":766962,"scope":"remote","description":"The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.","releases":{"buster":{"fixed_version":"1.5-2","repositories":{"buster":"1.7.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5-2","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-2","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5-2","repositories":{"sid":"1.7.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0131":{"scope":"remote","description":"The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.","releases":{"buster":{"fixed_version":"0.15-3","repositories":{"buster":"1.7.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.15-3","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.15-3","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.15-3","repositories":{"sid":"1.7.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-5050":{"releases":{"buster":{"fixed_version":"1.2.3-1","repositories":{"buster":"1.7.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.2.3-1","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.3-1","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.2.3-1","repositories":{"sid":"1.7.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4400":{"debianbug":439837,"scope":"remote","description":"CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.","releases":{"buster":{"fixed_version":"1.0.1-4","repositories":{"buster":"1.7.5-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1-4","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1-4","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1-4","repositories":{"sid":"1.7.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0129":{"scope":"remote","description":"The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing \"%\" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.","releases":{"buster":{"fixed_version":"0.15-3","repositories":{"buster":"1.7.5-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.15-3","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.15-3","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.15-3","repositories":{"sid":"1.7.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15923":{"debianbug":881586,"scope":"remote","description":"Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.","releases":{"buster":{"fixed_version":"1.7.3-1","repositories":{"buster":"1.7.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.2-2+deb9u1","repositories":{"stretch-security":"1.6.2-2+deb9u1","stretch":"1.6.2-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5-2+deb8u1","repositories":{"jessie":"1.5-2+deb8u1","jessie-security":"1.5-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.3-1","repositories":{"sid":"1.7.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19517":{"debianbug":914553,"scope":"remote","description":"An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.","releases":{"buster":{"fixed_version":"12.0.3-2","repositories":{"buster":"12.0.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"11.4.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"11.0.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"12.0.3-2","repositories":{"sid":"12.0.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0108":{"scope":"local","description":"The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.","releases":{"buster":{"fixed_version":"5.0.2-1","repositories":{"buster":"12.0.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.2-1","repositories":{"stretch":"11.4.3-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.0.2-1","repositories":{"jessie":"11.0.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.2-1","repositories":{"sid":"12.0.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19416":{"debianbug":914384,"scope":"remote","description":"An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.","releases":{"buster":{"fixed_version":"12.0.3-2","repositories":{"buster":"12.0.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"11.4.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"11.0.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"12.0.3-2","repositories":{"sid":"12.0.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0107":{"scope":"local","description":"The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.","releases":{"buster":{"fixed_version":"5.0.2-1","repositories":{"buster":"12.0.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.0.2-1","repositories":{"stretch":"11.4.3-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.0.2-1","repositories":{"jessie":"11.0.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.2-1","repositories":{"sid":"12.0.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3852":{"scope":"local","description":"The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"12.0.3-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"11.4.3-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"11.0.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"12.0.3-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2085":{"debianbug":479039,"scope":"remote","description":"Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.","releases":{"buster":{"fixed_version":"2.0.1-1.2","repositories":{"buster":"1:3.5.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1.2","repositories":{"stretch":"1:3.2-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1.2","repositories":{"jessie":"1:3.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.1-1.2","repositories":{"sid":"1:3.5.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-1959":{"debianbug":479039,"scope":"remote","description":"Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.0.1-1.2","repositories":{"buster":"1:3.5.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1.2","repositories":{"stretch":"1:3.2-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1.2","repositories":{"jessie":"1:3.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.1-1.2","repositories":{"sid":"1:3.5.2-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0605160-28DAD2":{"debianbug":605150,"releases":{"buster":{"fixed_version":"3.8.0-2","repositories":{"buster":"5.5.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.8.0-2","repositories":{"stretch":"5.5.0-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.8.0-2","repositories":{"jessie":"5.5.0-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.8.0-2","repositories":{"sid":"5.5.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-3862":{"debianbug":340842,"scope":"remote","description":"Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.","releases":{"buster":{"fixed_version":"0.55-1","repositories":{"buster":"0.65-7"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.55-1","repositories":{"stretch":"0.65-5"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.55-1","repositories":{"jessie":"0.65-4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.55-1","repositories":{"sid":"0.65-7"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-0950":{"debianbug":356832,"scope":"remote","description":"unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with \"..\" (dot dot) sequences in a filename.","releases":{"buster":{"fixed_version":"0.55-1","repositories":{"buster":"0.65-7"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.55-1","repositories":{"stretch":"0.65-5"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.55-1","repositories":{"jessie":"0.65-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.55-1","repositories":{"sid":"0.65-7"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-4998":{"scope":"local","description":"cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.","releases":{"buster":{"fixed_version":"4.1.2","repositories":{"buster":"8.30-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.2","repositories":{"stretch":"8.26-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.2","repositories":{"jessie":"8.23-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.2","repositories":{"sid":"8.30-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0306076-4B7D89":{"debianbug":306076,"releases":{"buster":{"fixed_version":"5.93-1","repositories":{"buster":"8.30-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.93-1","repositories":{"stretch":"8.26-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.93-1","repositories":{"jessie":"8.23-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.93-1","repositories":{"sid":"8.30-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0854":{"scope":"local","description":"ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.","releases":{"buster":{"fixed_version":"5.2.1-1","repositories":{"buster":"8.30-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.2.1-1","repositories":{"stretch":"8.26-3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-1","repositories":{"jessie":"8.23-4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.2.1-1","repositories":{"sid":"8.30-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2781":{"debianbug":816320,"scope":"local","description":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"8.30-3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"8.26-3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"8.23-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"8.30-3"},"urgency":"low","status":"open"}}}}
{"CVE-2003-0853":{"scope":"remote","description":"An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.","releases":{"buster":{"fixed_version":"5.2.1-1","repositories":{"buster":"8.30-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.2.1-1","repositories":{"stretch":"8.26-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.2.1-1","repositories":{"jessie":"8.23-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.2.1-1","repositories":{"sid":"8.30-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2616":{"debianbug":855943,"scope":"local","description":"A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.","releases":{"buster":{"fixed_version":"8.20-1","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.20-1","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"8.20-1","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"8.20-1","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0222":{"scope":"local","description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1946":{"scope":"local","description":"The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.","releases":{"buster":{"fixed_version":"5.93-1","repositories":{"buster":"8.30-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.93-1","repositories":{"stretch":"8.26-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"5.93-1","repositories":{"jessie":"8.23-4"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.93-1","repositories":{"sid":"8.30-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0223":{"scope":"local","description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4135":{"scope":"local","description":"The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0221":{"scope":"remote","description":"The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1865":{"scope":"local","description":"fts.c in coreutils 8.4 allows local users to delete arbitrary files.","releases":{"buster":{"fixed_version":"8.13-1","repositories":{"buster":"8.30-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.13-1","repositories":{"stretch":"8.26-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.13-1","repositories":{"jessie":"8.23-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.13-1","repositories":{"sid":"8.30-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4041":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4042":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-18018":{"scope":"local","description":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","releases":{"buster":{"repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9471":{"scope":"remote","description":"The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.","releases":{"buster":{"fixed_version":"8.23-1","repositories":{"buster":"8.30-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.23-1","repositories":{"stretch":"8.26-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.23-1","repositories":{"jessie":"8.23-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.23-1","repositories":{"sid":"8.30-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1039":{"debianbug":304556,"scope":"local","description":"Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.","releases":{"buster":{"fixed_version":"6.10-1","repositories":{"buster":"8.30-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"6.10-1","repositories":{"stretch":"8.26-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"6.10-1","repositories":{"jessie":"8.23-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"6.10-1","repositories":{"sid":"8.30-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1626":{"debianbug":736275,"scope":"remote","description":"XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.","releases":{"buster":{"fixed_version":"1.0.2-1","repositories":{"buster":"1.0.5-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-1","repositories":{"stretch":"1.0.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.2-1","repositories":{"jessie":"1.0.3-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2-1","repositories":{"sid":"1.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7404":{"debianbug":863547,"releases":{"buster":{"fixed_version":"3.1.1-5","repositories":{"buster":"7.1.0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.1.1-5","repositories":{"stretch":"3.1.1-5"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"3.1.1-5","repositories":{"sid":"7.1.0-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-18184":{"scope":"remote","description":"An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-18185":{"scope":"remote","description":"An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-18186":{"scope":"remote","description":"An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-9918":{"debianbug":895443,"scope":"remote","description":"libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.","releases":{"buster":{"fixed_version":"8.0.2-3","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"8.0.2-3","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18020":{"scope":"remote","description":"In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-9209":{"debianbug":863390,"scope":"remote","description":"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-18183":{"scope":"remote","description":"An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9208":{"debianbug":863390,"scope":"remote","description":"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12595":{"scope":"remote","description":"The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-9252":{"scope":"remote","description":"An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11627":{"debianbug":871320,"scope":"remote","description":"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\"","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11626":{"debianbug":871320,"scope":"remote","description":"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9210":{"debianbug":863390,"scope":"remote","description":"libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11625":{"debianbug":871320,"scope":"remote","description":"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an \"infinite loop.\"","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11624":{"debianbug":871320,"scope":"remote","description":"A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"","releases":{"buster":{"fixed_version":"7.0.0-1","repositories":{"buster":"8.4.0-2"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.0.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.1.2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"7.0.0-1","repositories":{"sid":"8.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4940":{"debianbug":496390,"scope":"local","description":"xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.","releases":{"jessie":{"fixed_version":"0.1-1.2","repositories":{"jessie":"0.1.98+bzr117-1.4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-17282":{"scope":"remote","description":"An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20097":{"scope":"remote","description":"There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u3","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2018-20096":{"scope":"remote","description":"There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-20099":{"scope":"remote","description":"There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9449":{"debianbug":773846,"scope":"remote","description":"Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.","releases":{"buster":{"fixed_version":"0.24-4.1","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.24-4.1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.24-4.1","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-20098":{"scope":"remote","description":"There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11683":{"scope":"remote","description":"There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-1000128":{"scope":"remote","description":"Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-4676":{"scope":"remote","description":"Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.","releases":{"buster":{"fixed_version":"0.9","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-11531":{"scope":"remote","description":"Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000126":{"debianbug":888864,"scope":"remote","description":"exiv2 0.26 contains a Stack out of bounds read in webp parser","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000127":{"debianbug":888863,"scope":"remote","description":"Exiv2 0.26 contains a heap buffer overflow in tiff parser","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17669":{"debianbug":886006,"scope":"remote","description":"There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-4868":{"scope":"remote","description":"The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19535":{"debianbug":915135,"scope":"remote","description":"In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u3","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-12264":{"debianbug":901707,"scope":"remote","description":"Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14046":{"debianbug":903763,"scope":"remote","description":"Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12265":{"debianbug":901706,"scope":"remote","description":"Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14866":{"debianbug":880015,"scope":"remote","description":"There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9953":{"scope":"remote","description":"There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11553":{"debianbug":888874,"scope":"remote","description":"There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14865":{"debianbug":888865,"scope":"remote","description":"There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9239":{"debianbug":863410,"scope":"remote","description":"An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.","releases":{"buster":{"fixed_version":"0.25-3.1","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"0.25-3.1","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14864":{"scope":"remote","description":"An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-14863":{"debianbug":888866,"scope":"remote","description":"A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14862":{"scope":"remote","description":"An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-14338":{"scope":"remote","description":"samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-14861":{"debianbug":880027,"scope":"remote","description":"There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11592":{"debianbug":895568,"scope":"remote","description":"There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14860":{"debianbug":888867,"scope":"remote","description":"There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19108":{"debianbug":913272,"scope":"remote","description":"In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u3","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-19107":{"debianbug":913273,"scope":"remote","description":"In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u3","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-10772":{"scope":"remote","description":"The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9144":{"debianbug":923473,"scope":"remote","description":"An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5772":{"debianbug":888862,"scope":"remote","description":"In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17581":{"debianbug":910060,"scope":"remote","description":"CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u3","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2019-9143":{"debianbug":923472,"scope":"remote","description":"An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-2696":{"debianbug":486328,"scope":"remote","description":"Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to \"pretty printing\" and the RationalValue::toLong function.","releases":{"buster":{"fixed_version":"0.17-1","repositories":{"buster":"0.25-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.17-1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.17-1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.17-1","repositories":{"sid":"0.25-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11591":{"debianbug":876893,"scope":"remote","description":"There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.25-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2017-11340":{"debianbug":868578,"scope":"remote","description":"There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10780":{"scope":"remote","description":"Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12957":{"scope":"remote","description":"There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17722":{"debianbug":891044,"scope":"remote","description":"In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-12955":{"debianbug":888873,"scope":"remote","description":"There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17723":{"scope":"remote","description":"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11037":{"scope":"remote","description":"In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"undetermined"},"stretch":{"repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"undetermined"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2017-14859":{"scope":"remote","description":"An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-12956":{"debianbug":888872,"scope":"remote","description":"There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17724":{"debianbug":891783,"scope":"remote","description":"In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the \"!= 0x1c\" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14858":{"debianbug":897134,"scope":"remote","description":"There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17725":{"scope":"remote","description":"In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14857":{"debianbug":888869,"scope":"remote","description":"In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17230":{"scope":"remote","description":"Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10958":{"scope":"remote","description":"In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u2","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-9144":{"scope":"remote","description":"In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.25-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2018-18915":{"debianbug":912828,"scope":"remote","description":"There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-9145":{"debianbug":910909,"scope":"remote","description":"In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10999":{"scope":"remote","description":"An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u2","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10998":{"scope":"remote","description":"An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.","releases":{"buster":{"fixed_version":"0.25-4","repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.25-3.1+deb9u1","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.24-4.1+deb8u1","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.25-4","repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19607":{"debianbug":915134,"scope":"remote","description":"Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17229":{"scope":"remote","description":"Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-18005":{"debianbug":885981,"scope":"remote","description":"Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.25-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2018-16336":{"debianbug":916081,"scope":"remote","description":"Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.","releases":{"buster":{"repositories":{"buster":"0.25-4"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0.24-4.1+deb8u2","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-9303":{"scope":"remote","description":"In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-9304":{"scope":"remote","description":"In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-6353":{"debianbug":456760,"scope":"remote","description":"Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.15-2","repositories":{"buster":"0.25-4"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.15-2","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.15-2","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.15-2","repositories":{"sid":"0.25-4"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-11337":{"debianbug":868578,"scope":"remote","description":"There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-9305":{"scope":"remote","description":"In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11336":{"debianbug":868578,"scope":"remote","description":"There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8976":{"debianbug":903813,"scope":"remote","description":"In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.25-4"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"repositories":{"sid":"0.25-4"},"urgency":"low","status":"open"}}}}
{"CVE-2017-11339":{"debianbug":868578,"scope":"remote","description":"There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-8977":{"debianbug":894179,"scope":"remote","description":"In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11338":{"debianbug":868578,"scope":"remote","description":"There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.25-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.25-3.1+deb9u1","stretch":"0.25-3.1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.24-4.1","jessie-security":"0.24-4.1+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.25-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4453":{"debianbug":688956,"scope":"local","description":"dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.","releases":{"buster":{"fixed_version":"020-1.1","repositories":{"buster":"048+80-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"020-1.1","repositories":{"stretch":"044+241-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"020-1.1","repositories":{"jessie":"040+1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"020-1.1","repositories":{"sid":"048+80-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4176":{"scope":"remote","description":"plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"048+80-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"044+241-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"040+1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"048+80-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-8637":{"debianbug":843697,"scope":"local","description":"A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.","releases":{"buster":{"fixed_version":"044+189-1","repositories":{"buster":"048+80-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"044+189-1","repositories":{"stretch":"044+241-3"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"040+1-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"044+189-1","repositories":{"sid":"048+80-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0794":{"scope":"local","description":"modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"048+80-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"044+241-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"040+1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"048+80-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-3277":{"debianbug":795657,"scope":"remote","description":"The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.0.14-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.10-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4566":{"debianbug":731627,"scope":"remote","description":"mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.","releases":{"stretch":{"fixed_version":"1.0.8-4","repositories":{"stretch":"1.0.14-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.8-4","repositories":{"jessie":"1.0.10-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3099":{"debianbug":822461,"scope":"remote","description":"mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.","releases":{"stretch":{"fixed_version":"1.0.14-1","repositories":{"stretch":"1.0.14-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.10-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4973":{"debianbug":729626,"scope":"remote","description":"Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.","releases":{"stretch":{"fixed_version":"1.0.8-4","repositories":{"stretch":"1.0.14-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.8-4","repositories":{"jessie":"1.0.10-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-5244":{"debianbug":799464,"scope":"remote","description":"The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.","releases":{"stretch":{"fixed_version":"1.0.12-1","repositories":{"stretch":"1.0.14-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.10-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5030":{"debianbug":444002,"scope":"remote","description":"Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.","releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"1.0.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.1-1","repositories":{"stretch":"1.0.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.1-1","repositories":{"jessie":"0.8.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"1.0.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5031":{"debianbug":444002,"scope":"remote","description":"The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message.","releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"1.0.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.1-1","repositories":{"stretch":"1.0.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.1-1","repositories":{"jessie":"0.8.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"1.0.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-5028":{"debianbug":444002,"scope":"remote","description":"Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.","releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"1.0.1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.6.1-1","repositories":{"stretch":"1.0.1-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.6.1-1","repositories":{"jessie":"0.8.2-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"1.0.1-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-5029":{"debianbug":444002,"scope":"remote","description":"Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.","releases":{"buster":{"fixed_version":"0.6.1-1","repositories":{"buster":"1.0.1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.1-1","repositories":{"stretch":"1.0.1-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.1-1","repositories":{"jessie":"0.8.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.1-1","repositories":{"sid":"1.0.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0645":{"debianbug":264972,"scope":"remote","description":"Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.","releases":{"buster":{"fixed_version":"1.0.2-0.1","repositories":{"buster":"1.2.9-4.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-0.1","repositories":{"stretch":"1.2.9-4.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.2-0.1","repositories":{"jessie":"1.2.9-4.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2-0.1","repositories":{"sid":"1.2.9-4.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4513":{"debianbug":396256,"scope":"remote","description":"Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.","releases":{"buster":{"fixed_version":"1.2.4-1","repositories":{"buster":"1.2.9-4.2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.4-1","repositories":{"stretch":"1.2.9-4.2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.2.9-4.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.4-1","repositories":{"sid":"1.2.9-4.2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-0208":{"scope":"remote","description":"Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.","releases":{"buster":{"fixed_version":"6.2u5-6","repositories":{"buster":"8.1.9+dfsg-9"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.2u5-6","repositories":{"stretch":"8.1.9+dfsg-4+deb9u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.2u5-6","repositories":{"sid":"8.1.9+dfsg-9"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-0523":{"scope":"local","description":"Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to sgepasswd.","releases":{"buster":{"fixed_version":"6.2u5-7.1","repositories":{"buster":"8.1.9+dfsg-9"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.2u5-7.1","repositories":{"stretch":"8.1.9+dfsg-4+deb9u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.2u5-7.1","repositories":{"sid":"8.1.9+dfsg-9"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-1798":{"scope":"remote","description":"A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.","releases":{"buster":{"fixed_version":"0.101.2-1","repositories":{"buster":"0.101.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.100.1-0+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.99-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.101.2-1","repositories":{"sid":"0.101.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6706":{"debianbug":865461,"scope":"remote","description":"A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].","releases":{"buster":{"fixed_version":"0.99-4","repositories":{"buster":"0.101.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.99-3+deb9u1","repositories":{"stretch":"0.100.1-0+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.99-0+deb8u3","repositories":{"jessie":"0.99-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.99-4","repositories":{"sid":"0.101.2-1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0770647-53FAC2":{"debianbug":770647,"releases":{"buster":{"fixed_version":"0.97.7+dfsg-1","repositories":{"buster":"0.101.2-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.97.7+dfsg-1","repositories":{"stretch":"0.100.1-0+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.97.7+dfsg-1","repositories":{"jessie":"0.99-0+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.97.7+dfsg-1","repositories":{"sid":"0.101.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2019-1785":{"scope":"remote","description":"A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.","releases":{"buster":{"fixed_version":"0.101.2-1","repositories":{"buster":"0.101.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.100.1-0+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.99-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.101.2-1","repositories":{"sid":"0.101.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3237":{"debianbug":706557,"scope":"local","description":"The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.","releases":{"buster":{"fixed_version":"2:9.2.2-893683-8","repositories":{"buster":"2:10.3.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:9.2.2-893683-8","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:9.2.2-893683-8","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:9.2.2-893683-8","repositories":{"sid":"2:10.3.10-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1787":{"debianbug":631506,"scope":"local","description":"Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.","releases":{"buster":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5191":{"debianbug":869633,"scope":"local","description":"VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","releases":{"buster":{"fixed_version":"2:10.1.5-5055683-5","repositories":{"buster":"2:10.3.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:10.1.5-5055683-4+deb9u1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2:10.1.5-5055683-5","repositories":{"sid":"2:10.3.10-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0925959-45DD25":{"debianbug":925959,"releases":{"buster":{"fixed_version":"2:10.3.10-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2:10.3.10-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4200":{"debianbug":770809,"scope":"local","description":"vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.","releases":{"buster":{"fixed_version":"2:9.4.6-1770165-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:9.4.6-1770165-1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:9.4.6-1770165-1","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:9.4.6-1770165-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-4199":{"debianbug":770809,"scope":"local","description":"vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.","releases":{"buster":{"fixed_version":"2:9.4.6-1770165-7","repositories":{"buster":"2:10.3.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:9.4.6-1770165-7","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:9.4.6-1770165-7","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:9.4.6-1770165-7","repositories":{"sid":"2:10.3.10-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1681":{"debianbug":623968,"scope":"local","description":"vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.","releases":{"buster":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2146":{"debianbug":631507,"scope":"local","description":"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.","releases":{"buster":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-2145":{"debianbug":631508,"scope":"local","description":"mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a \"procedural error.\"","releases":{"buster":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"buster":"2:10.3.10-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"stretch":"2:10.1.5-5055683-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"jessie":"2:9.4.6-1770165-8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:8.4.2+2011.08.21-471295-1","repositories":{"sid":"2:10.3.10-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7439":{"scope":"remote","description":"An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u2","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u5","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-80376F":{"releases":{"buster":{"fixed_version":"1.0.2-1","repositories":{"buster":"1.0.5-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.2-1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u2","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0.2-1","repositories":{"sid":"1.0.5-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-2754":{"debianbug":781228,"scope":"remote","description":"FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a \"premature EOF.\"","releases":{"buster":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2776":{"debianbug":781228,"scope":"remote","description":"The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.","releases":{"buster":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2753":{"debianbug":781228,"scope":"remote","description":"FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.","releases":{"buster":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0g-1+deb8u1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7435":{"scope":"remote","description":"An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u2","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u5","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7436":{"scope":"remote","description":"An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u2","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u5","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2924":{"debianbug":875691,"scope":"remote","description":"An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.","releases":{"buster":{"fixed_version":"1.0.4-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u4","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7437":{"scope":"remote","description":"An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u2","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u5","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7438":{"scope":"remote","description":"An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u2","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u5","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2923":{"debianbug":875690,"scope":"remote","description":"An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.","releases":{"buster":{"fixed_version":"1.0.4-1","repositories":{"buster":"1.0.5-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-2+deb9u1","repositories":{"stretch-security":"1.0.2-2+deb9u2","stretch":"1.0.2-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1+deb8u4","repositories":{"jessie":"1.0.0g-1+deb8u5","jessie-security":"1.0.0g-1+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.4-1","repositories":{"sid":"1.0.5-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6263":{"debianbug":454733,"scope":"remote","description":"The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.","releases":{"stretch":{"fixed_version":"0.17.18+0.3-9.1","repositories":{"stretch":"0.17.36+0.3-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.17.18+0.3-9.1","repositories":{"jessie":"0.17.33+0.3-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.17.18+0.3-9.1","repositories":{"sid":"0.17.36+0.3-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4247":{"debianbug":500278,"scope":"remote","description":"ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.","releases":{"stretch":{"fixed_version":"0.17.27+0.3-3","repositories":{"stretch":"0.17.36+0.3-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.17.27+0.3-3","repositories":{"jessie":"0.17.33+0.3-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.17.27+0.3-3","repositories":{"sid":"0.17.36+0.3-2.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3524":{"debianbug":339074,"scope":"remote","description":"Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.","releases":{"stretch":{"fixed_version":"0.17.18+0.3-5","repositories":{"stretch":"0.17.36+0.3-2"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"0.17.18+0.3-5","repositories":{"jessie":"0.17.33+0.3-1+deb8u1"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"0.17.18+0.3-5","repositories":{"sid":"0.17.36+0.3-2.1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2009-3591":{"debianbug":550913,"scope":"remote","description":"Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.","releases":{"buster":{"fixed_version":"1.5.12-9","repositories":{"buster":"1.5.12-19"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.12-9","repositories":{"stretch":"1.5.12-18"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.12-9","repositories":{"jessie":"1.5.12-14"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.12-9","repositories":{"sid":"1.5.12-19"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-4610":{"scope":"remote","description":"Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.5.12-19"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.5.12-18"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.12-14"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.5.12-19"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5645":{"debianbug":696306,"releases":{"buster":{"fixed_version":"2.3.4-1","repositories":{"buster":"2.6.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.4-1","repositories":{"stretch":"2.5.6-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.4-1","repositories":{"jessie":"2.4.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.4-1","repositories":{"sid":"2.6.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-3913":{"debianbug":381378,"scope":"remote","description":"Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.","releases":{"buster":{"fixed_version":"2.0.8-3","repositories":{"buster":"2.6.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.8-3","repositories":{"stretch":"2.5.6-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.8-3","repositories":{"jessie":"2.4.3-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.8-3","repositories":{"sid":"2.6.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-6083":{"debianbug":696306,"releases":{"buster":{"fixed_version":"2.3.4-1","repositories":{"buster":"2.6.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.3.4-1","repositories":{"stretch":"2.5.6-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.3.4-1","repositories":{"jessie":"2.4.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.3.4-1","repositories":{"sid":"2.6.0-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0000000-E3DB33":{"releases":{"buster":{"fixed_version":"2.0.1-1","repositories":{"buster":"2.6.0-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.0.1-1","repositories":{"stretch":"2.5.6-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.0.1-1","repositories":{"jessie":"2.4.3-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.0.1-1","repositories":{"sid":"2.6.0-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-0047":{"debianbug":355211,"scope":"remote","description":"packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.","releases":{"buster":{"fixed_version":"2.0.8-1","repositories":{"buster":"2.6.0-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.0.8-1","repositories":{"stretch":"2.5.6-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.0.8-1","repositories":{"jessie":"2.4.3-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.0.8-1","repositories":{"sid":"2.6.0-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-2445":{"debianbug":584589,"scope":"remote","description":"freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.","releases":{"buster":{"fixed_version":"2.2.1-1","repositories":{"buster":"2.6.0-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.1-1","repositories":{"stretch":"2.5.6-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.1-1","repositories":{"jessie":"2.4.3-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.1-1","repositories":{"sid":"2.6.0-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7501":{"scope":"remote","description":"Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.","releases":{"buster":{"repositories":{"buster":"4.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.1-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.0-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-2891":{"scope":"remote","description":"Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.","releases":{"buster":{"fixed_version":"0.4.8+dfsg2-3","repositories":{"buster":"0.4.8+dfsg2-16"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.8+dfsg2-3","repositories":{"stretch":"0.4.8+dfsg2-15"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.8+dfsg2-3","repositories":{"jessie":"0.4.8+dfsg2-10"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.8+dfsg2-3","repositories":{"sid":"0.4.8+dfsg2-16"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0409062-BD7B6D":{"debianbug":409062,"releases":{"jessie":{"fixed_version":"0.2.0-6","repositories":{"jessie":"0.4.4-6.2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2008-6428":{"scope":"remote","description":"The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.","releases":{"jessie":{"fixed_version":"0.4.2-1","repositories":{"jessie":"0.4.4-6.2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1839":{"debianbug":737051,"scope":"local","description":"The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.","releases":{"buster":{"fixed_version":"0.61.0-1","repositories":{"buster":"1.4.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.61.0-1","repositories":{"stretch":"1.3.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.61.0-1","repositories":{"jessie":"0.62.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.61.0-1","repositories":{"sid":"1.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-1838":{"debianbug":737051,"scope":"local","description":"The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.","releases":{"buster":{"fixed_version":"0.61.0-1","repositories":{"buster":"1.4.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.61.0-1","repositories":{"stretch":"1.3.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.61.0-1","repositories":{"jessie":"0.62.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.61.0-1","repositories":{"sid":"1.4.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1000159":{"debianbug":895728,"scope":"remote","description":"tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line \"end_pos = data_len - 1 - mac.digest_size\" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.","releases":{"buster":{"fixed_version":"0.7.4-1","repositories":{"buster":"0.7.5-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.0-1+deb9u1","repositories":{"stretch":"0.6.0-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.4-1","repositories":{"sid":"0.7.5-2"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0752092-218B4D":{"debianbug":752092,"releases":{"jessie":{"fixed_version":"1.3.7-2","repositories":{"jessie":"1.3.7-2+deb8u1","jessie-security":"1.3.7-2+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-1002200":{"debianbug":900953,"scope":"remote","description":"plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.","releases":{"buster":{"fixed_version":"3.6.0-1","repositories":{"buster":"3.6.0-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2-1+deb9u1","repositories":{"stretch-security":"2.2-1+deb9u1","stretch":"2.2-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2-1+deb8u1","repositories":{"jessie":"1.2-1+deb8u1","jessie-security":"1.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6.0-1","repositories":{"sid":"3.6.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9801":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer overflow was observed in \"set_ext_ctrl\" function in \"tools/parser/l2cap.c\" source file when processing corrupted dump file.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9800":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer overflow was observed in \"pin_code_reply_dump\" function in \"tools/parser/hci.c\" source file. The issue exists because \"pin\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"pin_code_reply_cp *cp\" parameter.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9799":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer overflow was observed in \"pklg_read_hci\" function in \"btsnoop.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9798":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a use-after-free was identified in \"conf_opt\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9797":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer over-read was observed in \"l2cap_dump\" function in \"tools/parser/l2cap.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9918":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, an out-of-bounds read was identified in \"packet_hexdump\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-1000250":{"debianbug":875633,"scope":"remote","description":"All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.","releases":{"buster":{"fixed_version":"5.46-1","repositories":{"buster":"5.50-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.43-2+deb9u1","repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.23-2+deb8u1","repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.46-1","repositories":{"sid":"5.50-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-7837":{"scope":"local","description":"Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.","releases":{"buster":{"fixed_version":"5.43-1","repositories":{"buster":"5.50-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.43-1","repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"5.43-1","repositories":{"sid":"5.50-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9917":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer overflow was observed in \"read_n\" function in \"tools/hcidump.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9804":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer overflow was observed in \"commands_dump\" function in \"tools/parser/csr.c\" source file. The issue exists because \"commands\" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \"frm->ptr\" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9803":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, an out-of-bounds read was observed in \"le_meta_ev_dump\" function in \"tools/parser/hci.c\" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-9802":{"debianbug":847837,"scope":"remote","description":"In BlueZ 5.42, a buffer over-read was identified in \"l2cap_packet\" function in \"monitor/packet.c\" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","releases":{"buster":{"repositories":{"buster":"5.50-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-10910":{"debianbug":925369,"scope":"local","description":"A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"5.50-1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"stretch":{"nodsa":"Minor issue, does not affected Gnome Bluetooth in stretch","repositories":{"stretch-security":"5.43-2+deb9u1","stretch":"5.43-2+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect","repositories":{"jessie":"5.23-2+deb8u1","jessie-security":"5.23-2+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"5.50-1"},"urgency":"low","status":"open"}}}}
{"CVE-2009-3941":{"scope":"remote","description":"Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.4.3-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.6-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.29-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.4.3-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8337":{"debianbug":922345,"scope":"remote","description":"In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.","releases":{"buster":{"fixed_version":"1.4.3-1","repositories":{"buster":"1.4.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.6-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.29-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.4.3-1","repositories":{"sid":"1.4.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-3340":{"scope":"local","description":"The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"1:0.9.15b-1","repositories":{"buster":"1:0.9.23-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:0.9.15b-1","repositories":{"stretch":"1:0.9.22-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:0.9.15b-1","repositories":{"jessie":"1:0.9.22-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:0.9.15b-1","repositories":{"sid":"1:0.9.23-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7758":{"debianbug":756432,"scope":"local","description":"Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.","releases":{"buster":{"fixed_version":"0.6.5-6","repositories":{"buster":"0.6.6-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.6.5-6","repositories":{"stretch":"0.6.6-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.6.5-3+deb8u1","repositories":{"jessie":"0.6.5-3+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.6.5-6","repositories":{"sid":"0.6.6-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-1029":{"debianbug":775535,"scope":"remote","description":"The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.","releases":{"buster":{"fixed_version":"4.9.0-1","repositories":{"buster":"5.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.9.0-1","repositories":{"stretch":"4.14.0-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.9.0-1","repositories":{"sid":"5.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0778":{"debianbug":780410,"scope":"remote","description":"osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.","releases":{"buster":{"fixed_version":"0.149.0-2","repositories":{"buster":"0.164.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.149.0-2","repositories":{"stretch":"0.156.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.149.0-2","repositories":{"jessie":"0.149.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.149.0-2","repositories":{"sid":"0.164.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9274":{"debianbug":887391,"scope":"remote","description":"A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.","releases":{"buster":{"fixed_version":"0.162.1-1","repositories":{"buster":"0.164.2-1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.156.0-1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.149.0-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.162.1-1","repositories":{"sid":"0.164.2-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-1095":{"scope":"remote","description":"osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.","releases":{"buster":{"repositories":{"buster":"0.164.2-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.156.0-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.149.0-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.164.2-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-2810":{"debianbug":864818,"scope":"remote","description":"An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.","releases":{"buster":{"fixed_version":"0.9.11-3","repositories":{"buster":"0.12.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.11-2+deb8u1","repositories":{"stretch":"0.9.11-2+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.11-2+deb8u1","repositories":{"jessie":"0.9.11-2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.11-3","repositories":{"sid":"0.12.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5215":{"scope":"local","description":"The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.","releases":{"buster":{"fixed_version":"1:1.0.5-1","repositories":{"buster":"1:1.1.11-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.0.5-1","repositories":{"stretch":"1:1.1.11-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.0.5-1","repositories":{"jessie":"1:1.1.11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.0.5-1","repositories":{"sid":"1:1.1.11-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5214":{"scope":"local","description":"Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.","releases":{"buster":{"fixed_version":"1:1.0.5-1","repositories":{"buster":"1:1.1.11-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:1.0.5-1","repositories":{"stretch":"1:1.1.11-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:1.0.5-1","repositories":{"jessie":"1:1.1.11-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:1.0.5-1","repositories":{"sid":"1:1.1.11-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-2179":{"scope":"remote","description":"X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the \"!\" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:1.1.11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4447":{"scope":"local","description":"X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.","releases":{"buster":{"fixed_version":"1:1.0.5-1","repositories":{"buster":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.0.5-1","repositories":{"stretch":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:1.0.5-1","repositories":{"jessie":"1:1.1.11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.0.5-1","repositories":{"sid":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0419":{"scope":"remote","description":"XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:1.1.11-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:1.1.11-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3910":{"debianbug":497730,"scope":"remote","description":"dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.","releases":{"buster":{"fixed_version":"0.4.dfsg-2","repositories":{"buster":"0.5.2-1.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.4.dfsg-2","repositories":{"stretch":"0.5.2-1.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.4.dfsg-2","repositories":{"jessie":"0.5.2-1.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.4.dfsg-2","repositories":{"sid":"0.5.2-1.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-4495":{"scope":"remote","description":"The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.","releases":{"stretch":{"fixed_version":"1.1.366+dfsg-1","repositories":{"stretch":"1.5.188+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.907+dfsg-1+deb8u1","repositories":{"jessie":"1.0.907+dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.366+dfsg-1","repositories":{"sid":"1.5.188+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7945":{"debianbug":809538,"scope":"remote","description":"The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.","releases":{"buster":{"fixed_version":"2.15.2-1","repositories":{"buster":"2.16.0-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.15.2-1","repositories":{"stretch":"2.15.2-7+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.12.4-1+deb8u2","repositories":{"jessie":"2.12.4-1+deb8u3","jessie-security":"2.12.4-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.15.2-1","repositories":{"sid":"2.16.0-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7944":{"debianbug":809537,"scope":"remote","description":"The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.","releases":{"buster":{"fixed_version":"2.15.2-1","repositories":{"buster":"2.16.0-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.15.2-1","repositories":{"stretch":"2.15.2-7+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.12.4-1+deb8u2","repositories":{"jessie":"2.12.4-1+deb8u3","jessie-security":"2.12.4-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.15.2-1","repositories":{"sid":"2.16.0-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4261":{"scope":"remote","description":"Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to \"path sanitization errors.\"","releases":{"buster":{"fixed_version":"2.0.5-1","repositories":{"buster":"2.16.0-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.5-1","repositories":{"stretch":"2.15.2-7+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.5-1","repositories":{"jessie":"2.12.4-1+deb8u3","jessie-security":"2.12.4-1+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.5-1","repositories":{"sid":"2.16.0-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-5247":{"scope":"local","description":"The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.","releases":{"buster":{"fixed_version":"2.11.5-1","repositories":{"buster":"2.16.0-5"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.11.5-1","repositories":{"stretch":"2.15.2-7+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.11.5-1","repositories":{"jessie":"2.12.4-1+deb8u3","jessie-security":"2.12.4-1+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.11.5-1","repositories":{"sid":"2.16.0-5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-15365":{"debianbug":884065,"scope":"remote","description":"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.3-2.1"},"urgency":"unimportant","status":"resolved"},"sid":{"repositories":{"sid":"2.2.3-2.1"},"urgency":"medium**","status":"undetermined"}}}}
{"CVE-2015-1027":{"scope":"remote","description":"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.","releases":{"jessie":{"repositories":{"jessie":"2.2.3-2.1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.2.3-2.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-6225":{"debianbug":851244,"scope":"remote","description":"xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.2.3-2.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.2.3-2.1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2014-2029":{"debianbug":740846,"scope":"remote","description":"The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.","releases":{"jessie":{"fixed_version":"2.2.3-1","repositories":{"jessie":"2.2.3-2.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.3-1","repositories":{"sid":"2.2.3-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6394":{"debianbug":730544,"scope":"local","description":"Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.","releases":{"jessie":{"fixed_version":"2.1.6-2","repositories":{"jessie":"2.2.3-2.1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.1.6-2","repositories":{"sid":"2.2.3-2.1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-4193":{"debianbug":548546,"scope":"local","description":"Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.","releases":{"buster":{"fixed_version":"0.14+svnfixes~20090912-2","repositories":{"buster":"0.18.3+ds-5"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.14+svnfixes~20090912-2","repositories":{"stretch":"0.18.3+ds-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.14+svnfixes~20090912-2","repositories":{"jessie":"0.18.1-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.14+svnfixes~20090912-2","repositories":{"sid":"0.18.3+ds-5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10897":{"debianbug":921131,"scope":"remote","description":"A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.","releases":{"buster":{"fixed_version":"1.1.31-2.2","repositories":{"buster":"1.1.31-4"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.1.31-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.1.31-2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1.1.31-2.2","repositories":{"sid":"1.1.31-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0782":{"scope":"remote","description":"Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).","releases":{"buster":{"fixed_version":"0.22.0-7","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.22.0-7","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.22.0-7","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.22.0-7","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3186":{"debianbug":339431,"scope":"remote","description":"Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.22.0-11","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.22.0-11","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.22.0-11","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.22.0-11","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-2897":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0788":{"scope":"remote","description":"Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.","releases":{"buster":{"fixed_version":"0.22.0-7","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.22.0-7","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.22.0-7","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.22.0-7","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0891":{"scope":"remote","description":"Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.","releases":{"buster":{"fixed_version":"0.22.0-7.1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.22.0-7.1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.22.0-7.1","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.22.0-7.1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6352":{"debianbug":832496,"scope":"remote","description":"The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.","releases":{"buster":{"fixed_version":"2.35.4-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.35.4-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, can be fixed along in a future DSA","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.35.4-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6311":{"debianbug":858491,"scope":"remote","description":"gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.","releases":{"buster":{"fixed_version":"2.36.10-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.36.10-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2870":{"debianbug":873787,"scope":"remote","description":"An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.36.10-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.36.10-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-6314":{"debianbug":856448,"scope":"remote","description":"The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.","releases":{"buster":{"fixed_version":"2.36.11-2","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.36.5-2+deb9u2","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.36.11-2","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-1000422":{"scope":"remote","description":"Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution","releases":{"buster":{"fixed_version":"2.36.11-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.36.5-2+deb9u2","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u7","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.36.11-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6312":{"debianbug":856444,"scope":"remote","description":"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.","releases":{"buster":{"fixed_version":"2.36.11-2","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.36.5-2+deb9u2","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.36.11-2","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6313":{"debianbug":856445,"scope":"remote","description":"Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.","releases":{"buster":{"fixed_version":"2.36.11-2","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.36.5-2+deb9u2","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"2.36.11-2","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7673":{"scope":"remote","description":"io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.","releases":{"buster":{"fixed_version":"2.32.0-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.32.0-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u3","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.32.0-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7552":{"scope":"remote","description":"Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.","releases":{"buster":{"fixed_version":"2.32.0-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.32.0-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u5","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.32.0-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-2976":{"debianbug":339431,"scope":"remote","description":"Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.","releases":{"buster":{"fixed_version":"0.22.0-11","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.22.0-11","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.22.0-11","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.22.0-11","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-7674":{"scope":"remote","description":"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.32.1-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.32.1-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u3","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.32.1-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2975":{"debianbug":339431,"scope":"remote","description":"io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.","releases":{"buster":{"fixed_version":"0.22.0-11","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.22.0-11","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.22.0-11","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.22.0-11","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0111":{"scope":"remote","description":"gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.","releases":{"buster":{"fixed_version":"0.22.0-3","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.22.0-3","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.22.0-3","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.22.0-3","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0753":{"scope":"remote","description":"The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.","releases":{"buster":{"fixed_version":"0.22.0-7","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.22.0-7","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.22.0-7","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.22.0-7","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2485":{"debianbug":631524,"scope":"remote","description":"The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.","releases":{"buster":{"fixed_version":"2.23.3-3.1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.23.3-3.1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.23.3-3.1","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.23.3-3.1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-2862":{"debianbug":874552,"scope":"remote","description":"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.","releases":{"buster":{"fixed_version":"2.36.10-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.36.5-2+deb9u1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u6","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.36.10-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4491":{"scope":"remote","description":"Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.","releases":{"buster":{"fixed_version":"2.31.7-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.31.7-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u4","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.31.7-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8875":{"scope":"remote","description":"Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.34.0-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.34.0-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u5","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.34.0-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2370":{"scope":"remote","description":"Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"2.26.1-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.26.1-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.26.1-1","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.26.1-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12447":{"scope":"remote","description":"GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.","releases":{"buster":{"fixed_version":"2.34.0-1","repositories":{"buster":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.34.0-1","repositories":{"stretch-security":"2.36.5-2+deb9u2","stretch":"2.36.5-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.31.1-2+deb8u5","repositories":{"jessie":"2.31.1-2+deb8u7","jessie-security":"2.31.1-2+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.34.0-1","repositories":{"sid":"2.38.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14938":{"debianbug":905483,"scope":"remote","description":"An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).","releases":{"buster":{"fixed_version":"1.5.0+repack1-1","repositories":{"buster":"1.5.2+repack1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.4.5+repack1-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.4.4+repack1-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.5.0+repack1-1","repositories":{"sid":"1.5.2+repack1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18409":{"debianbug":911263,"scope":"remote","description":"A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an address_histogram call or a get_histogram call.","releases":{"buster":{"fixed_version":"1.5.2+repack1-1","repositories":{"buster":"1.5.2+repack1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1.4.5+repack1-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.4.4+repack1-3"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1.5.2+repack1-1","repositories":{"sid":"1.5.2+repack1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1000546":{"debianbug":902719,"scope":"remote","description":"Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.8.0.9+dfsg-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.7.0.3+dfsg-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.9.0.0.7062-2"},"urgency":"low","status":"open"}}}}
{"CVE-2014-5340":{"debianbug":758883,"scope":"remote","description":"The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.","releases":{"sid":{"fixed_version":"1.2.6p4-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2329":{"debianbug":742689,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by the logwatch module, or other unspecified vectors.","releases":{"sid":{"fixed_version":"1.2.2p3-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-2330":{"debianbug":742689,"scope":"remote","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.","releases":{"sid":{"fixed_version":"1.2.6p4-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9781":{"debianbug":865497,"scope":"remote","description":"A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.","releases":{"sid":{"repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2014-2331":{"debianbug":742689,"scope":"remote","description":"Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot.  NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.","releases":{"sid":{"fixed_version":"1.2.6p4-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2332":{"debianbug":742689,"scope":"remote","description":"Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to \"Insecure Direct Object References.\" NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.","releases":{"sid":{"fixed_version":"1.2.2p3-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0243":{"scope":"local","description":"Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1.2.8p26-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-11507":{"scope":"remote","description":"A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.","releases":{"sid":{"fixed_version":"1.2.8p26-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5339":{"debianbug":758883,"scope":"remote","description":"Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.","releases":{"sid":{"fixed_version":"1.2.6p4-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5338":{"debianbug":758883,"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.","releases":{"sid":{"fixed_version":"1.2.6p4-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-14955":{"scope":"remote","description":"Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.","releases":{"sid":{"fixed_version":"1.2.8p26-1","repositories":{"sid":"1.2.8p26-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9390":{"debianbug":773640,"releases":{"buster":{"fixed_version":"3.7.0-1","repositories":{"buster":"3.7.1-6"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"3.7.0-1","repositories":{"stretch":"3.7.1-4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.4.0-2"},"urgency":"not yet assigned","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.7.0-1","repositories":{"sid":"3.7.1-6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-2099":{"debianbug":708530,"scope":"remote","description":"Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.","releases":{"buster":{"fixed_version":"2.6.0~bzr6574-1","repositories":{"buster":"2.7.0+bzr6622-15"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.6.0~bzr6574-1","repositories":{"stretch-security":"2.7.0+bzr6619-7+deb9u1","stretch":"2.7.0+bzr6619-7+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.6.0~bzr6574-1","repositories":{"jessie":"2.6.0+bzr6595-6+deb8u1","jessie-security":"2.6.0+bzr6595-6+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.6.0~bzr6574-1","repositories":{"sid":"2.7.0+bzr6622-15"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-14176":{"debianbug":874429,"scope":"remote","description":"Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.","releases":{"buster":{"fixed_version":"2.7.0+bzr6622-7","repositories":{"buster":"2.7.0+bzr6622-15"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.7.0+bzr6619-7+deb9u1","repositories":{"stretch-security":"2.7.0+bzr6619-7+deb9u1","stretch":"2.7.0+bzr6619-7+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.6.0+bzr6595-6+deb8u1","repositories":{"jessie":"2.6.0+bzr6595-6+deb8u1","jessie-security":"2.6.0+bzr6595-6+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.7.0+bzr6622-7","repositories":{"sid":"2.7.0+bzr6622-15"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9586":{"releases":{"buster":{"fixed_version":"0.43-1","repositories":{"buster":"0.51-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.43-1","repositories":{"stretch":"0.46-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.43-1","repositories":{"sid":"0.51-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2009-4664":{"debianbug":547390,"scope":"local","description":"Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.","releases":{"buster":{"fixed_version":"3.0.7-1","repositories":{"buster":"5.3.7-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.0.7-1","repositories":{"stretch":"5.1.0-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.7-1","repositories":{"jessie":"5.1.0-4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.0.7-1","repositories":{"sid":"5.3.7-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-4956":{"debianbug":496406,"scope":"local","description":"fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.","releases":{"buster":{"fixed_version":"2.1.19-5","repositories":{"buster":"5.3.7-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.19-5","repositories":{"stretch":"5.1.0-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1.19-5","repositories":{"jessie":"5.1.0-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1.19-5","repositories":{"sid":"5.3.7-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7835":{"scope":"local","description":"The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4551":{"scope":"remote","description":"Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to \"guest VMX instruction execution.\"","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4255":{"debianbug":609531,"scope":"remote","description":"The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.","releases":{"buster":{"fixed_version":"4.0.1-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.1-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.1-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.1-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4554":{"scope":"remote","description":"Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4553":{"scope":"remote","description":"The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1964":{"scope":"local","description":"Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.4-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.4-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-839329":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2018-3665":{"scope":"local","description":"System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.","releases":{"buster":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6333":{"scope":"local","description":"Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.","releases":{"buster":{"fixed_version":"4.1.3-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3340":{"debianbug":784011,"scope":"remote","description":"Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8866":{"debianbug":770230,"scope":"local","description":"The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.","releases":{"buster":{"fixed_version":"4.4.1-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1571":{"debianbug":823620,"scope":"local","description":"The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8867":{"debianbug":770230,"scope":"local","description":"The acceleration support for the \"REP MOVS\" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1570":{"debianbug":823620,"scope":"local","description":"The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4963":{"scope":"local","description":"The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts1-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-4962":{"scope":"local","description":"The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4022":{"scope":"remote","description":"The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-4021":{"debianbug":751894,"scope":"remote","description":"Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-9030":{"debianbug":770230,"scope":"remote","description":"The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.","releases":{"buster":{"fixed_version":"4.4.1-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4329":{"scope":"remote","description":"The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3969":{"scope":"remote","description":"Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4103":{"debianbug":787547,"scope":"local","description":"Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19961":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.5+shim4.10.2+xsa282-1+deb9u11","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2045":{"scope":"local","description":"The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.1-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4104":{"debianbug":787547,"scope":"remote","description":"Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2044":{"scope":"local","description":"The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.","releases":{"buster":{"fixed_version":"4.4.1-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.1-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-3967":{"debianbug":757724,"scope":"remote","description":"The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4105":{"debianbug":787547,"scope":"local","description":"Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3968":{"debianbug":757724,"scope":"remote","description":"The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4106":{"debianbug":787547,"scope":"local","description":"QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-332628":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2012-3515":{"debianbug":686764,"scope":"local","description":"Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9603":{"debianbug":857744,"scope":"remote","description":"A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3516":{"scope":"local","description":"The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1666":{"scope":"remote","description":"The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5242":{"scope":"local","description":"The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4416":{"scope":"remote","description":"The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-3639":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17565":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17566":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7970":{"scope":"local","description":"The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a \"time-consuming linear scan,\" related to Populate-on-Demand.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7972":{"scope":"local","description":"The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to \"heavy memory pressure.\"","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-3259":{"debianbug":795721,"scope":"local","description":"Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7971":{"scope":"local","description":"Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-18883":{"scope":"local","description":"An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3716":{"scope":"local","description":"Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3717":{"scope":"local","description":"Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3714":{"scope":"local","description":"The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2152":{"debianbug":780975,"scope":"local","description":"Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.","releases":{"buster":{"fixed_version":"4.4.1-9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3715":{"scope":"local","description":"Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7093":{"scope":"local","description":"Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2151":{"debianbug":780227,"scope":"local","description":"The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7969":{"scope":"local","description":"Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of \"teardowns\" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7094":{"scope":"local","description":"Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u7","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-5307":{"debianbug":823620,"scope":"local","description":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17563":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7092":{"scope":"local","description":"The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u7","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2901":{"scope":"remote","description":"Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-17564":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1893":{"scope":"remote","description":"Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-2620":{"debianbug":855791,"scope":"remote","description":"Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1894":{"scope":"remote","description":"Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-7777":{"scope":"local","description":"Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-1891":{"scope":"remote","description":"Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1892":{"scope":"remote","description":"Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a \"large memory allocation,\" a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2986":{"scope":"remote","description":"The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1895":{"scope":"remote","description":"Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-341CE5":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2014-1896":{"scope":"remote","description":"The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a \"read or write past the end of the ring.\"","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1952":{"scope":"local","description":"Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.4-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.4-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0000000-F97A6B":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2017-7995":{"scope":"local","description":"Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-10472":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12893":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.","releases":{"buster":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10923":{"scope":"remote","description":"Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-10471":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10922":{"scope":"remote","description":"The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19967":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.5+shim4.10.2+xsa282-1+deb9u11","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-8897":{"scope":"local","description":"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19966":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.5+shim4.10.2+xsa282-1+deb9u11","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"open"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19965":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.5+shim4.10.2+xsa282-1+deb9u11","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3646":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.","releases":{"buster":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19964":{"scope":"local","description":"An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10921":{"scope":"remote","description":"The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19963":{"scope":"local","description":"An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12891":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.","releases":{"buster":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12892":{"scope":"remote","description":"An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as \"sd\" in the libxl disk configuration, or an equivalent) are affected. IDE disks (\"hd\") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.","releases":{"buster":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10920":{"scope":"remote","description":"The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-19962":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.","releases":{"buster":{"fixed_version":"4.11.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.5+shim4.10.2+xsa282-1+deb9u11","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.11.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-6BCADF":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2016-9386":{"debianbug":845663,"scope":"local","description":"The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving \"unexpected\" base/limit values.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9385":{"debianbug":845665,"scope":"local","description":"The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9384":{"debianbug":845667,"scope":"local","description":"Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9383":{"debianbug":845668,"scope":"local","description":"Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9382":{"debianbug":845664,"scope":"local","description":"Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1918":{"scope":"local","description":"Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to \"deep page table traversal.\"","releases":{"buster":{"fixed_version":"4.1.4-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.4-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1917":{"scope":"local","description":"Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.","releases":{"buster":{"fixed_version":"4.1.4-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.4-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9381":{"scope":"local","description":"Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9380":{"debianbug":845670,"scope":"local","description":"The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1919":{"scope":"local","description":"Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to \"passed-through IRQs or PCI devices.\"","releases":{"buster":{"fixed_version":"4.1.4-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.4-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6375":{"debianbug":730254,"scope":"remote","description":"Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an \"inverted boolean parameter.\"","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-10025":{"scope":"local","description":"VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3960":{"debianbug":823620,"scope":"local","description":"Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-0151":{"scope":"remote","description":"The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10024":{"scope":"local","description":"Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-14316":{"scope":"local","description":"A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12137":{"scope":"local","description":"arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-12135":{"scope":"local","description":"Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-12136":{"scope":"local","description":"Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0152":{"scope":"local","description":"Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0029":{"scope":"remote","description":"Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.","releases":{"buster":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-0153":{"scope":"local","description":"The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.","releases":{"buster":{"fixed_version":"4.1.4-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.4-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.4-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.4-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2212":{"scope":"remote","description":"The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0154":{"scope":"local","description":"The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14431":{"debianbug":856229,"scope":"local","description":"Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.","releases":{"buster":{"fixed_version":"4.8.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts1-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2211":{"scope":"remote","description":"The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1920":{"scope":"local","description":"Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running \"under memory pressure\" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14319":{"scope":"local","description":"A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-14318":{"scope":"local","description":"An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1922":{"debianbug":705544,"scope":"local","description":"qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14317":{"scope":"local","description":"A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4480":{"scope":"local","description":"The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-2938":{"scope":"local","description":"arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest.","releases":{"buster":{"fixed_version":"4.0.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8904":{"debianbug":861660,"scope":"local","description":"Xen through 4.8.x mishandles the \"contains segment descriptors\" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9932":{"debianbug":848081,"scope":"local","description":"CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a \"supposedly-ignored\" operand size prefix.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-8903":{"debianbug":861659,"scope":"local","description":"Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-3131":{"scope":"local","description":"Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.","releases":{"buster":{"fixed_version":"4.1.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9379":{"debianbug":845670,"scope":"local","description":"The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9378":{"debianbug":845669,"scope":"local","description":"Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9377":{"debianbug":845669,"scope":"local","description":"Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-8905":{"debianbug":861662,"scope":"local","description":"Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3712":{"debianbug":823830,"scope":"local","description":"Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9818":{"scope":"local","description":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-CE3B44":{"releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-9817":{"scope":"local","description":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9816":{"scope":"local","description":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3158":{"debianbug":823620,"scope":"local","description":"The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-9815":{"scope":"local","description":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3159":{"debianbug":823620,"scope":"local","description":"The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3710":{"debianbug":823830,"scope":"local","description":"The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-6654":{"debianbug":800128,"scope":"local","description":"The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3432":{"debianbug":683279,"scope":"local","description":"The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.","releases":{"buster":{"fixed_version":"4.1.3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-3433":{"debianbug":683279,"scope":"local","description":"Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.","releases":{"buster":{"fixed_version":"4.1.3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5149":{"debianbug":770230,"scope":"local","description":"Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.","releases":{"buster":{"fixed_version":"4.4.1-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-5148":{"scope":"local","description":"Xen 4.4.x, when running on an ARM system and \"handling an unknown system register access from 64-bit userspace,\" returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5147":{"scope":"remote","description":"Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-4E12B0":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2011-1166":{"scope":"remote","description":"Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.","releases":{"buster":{"fixed_version":"4.1.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5146":{"debianbug":770230,"scope":"local","description":"Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.","releases":{"buster":{"fixed_version":"4.4.1-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-9066":{"scope":"local","description":"Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.","releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9065":{"scope":"local","description":"common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.","releases":{"buster":{"fixed_version":"4.4.1-6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8615":{"debianbug":823620,"scope":"local","description":"The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ).","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6036":{"debianbug":686764,"scope":"local","description":"The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-4411":{"scope":"local","description":"The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor.  NOTE: this might be a duplicate of CVE-2007-0998.","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4536":{"scope":"local","description":"The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4535":{"scope":"local","description":"Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an \"inappropriate deadline.\"","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4538":{"scope":"local","description":"The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4537":{"scope":"local","description":"Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\"","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4539":{"scope":"local","description":"Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka \"Grant table hypercall infinite loop DoS vulnerability.\"","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6030":{"debianbug":686764,"scope":"local","description":"The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to \"broken locking checks\" in an \"error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2756":{"debianbug":781620,"scope":"local","description":"QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.","releases":{"buster":{"fixed_version":"4.2.0~rc2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.0~rc2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.0~rc2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.0~rc2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6031":{"debianbug":686764,"scope":"local","description":"The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the \"bad_copy error path.\" NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6034":{"debianbug":686764,"scope":"local","description":"The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 \"do not check incoming guest output buffer pointers,\" which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-6035":{"debianbug":686764,"scope":"local","description":"The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2752":{"debianbug":781620,"scope":"local","description":"The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).","releases":{"buster":{"fixed_version":"4.4.1-9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6032":{"debianbug":686764,"scope":"local","description":"Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2751":{"debianbug":781620,"scope":"remote","description":"Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.","releases":{"buster":{"fixed_version":"4.4.1-9","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-9","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-9","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0000000-4F975A":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2012-6033":{"debianbug":686764,"scope":"local","description":"The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors.  NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5510":{"scope":"local","description":"Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.3-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0361":{"debianbug":776319,"scope":"remote","description":"Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.","releases":{"buster":{"fixed_version":"4.4.1-7","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-7","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-7","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-7","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-5511":{"scope":"local","description":"Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.","releases":{"buster":{"fixed_version":"4.1.3-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5514":{"scope":"local","description":"The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.3-6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2519":{"scope":"remote","description":"Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-5515":{"scope":"local","description":"The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.","releases":{"buster":{"fixed_version":"4.1.3-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4544":{"debianbug":688125,"scope":"local","description":"The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-5512":{"scope":"local","description":"Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.3-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-5513":{"scope":"local","description":"The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.","releases":{"buster":{"fixed_version":"4.1.3-5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-5","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5634":{"scope":"remote","description":"Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.","releases":{"buster":{"fixed_version":"4.1.3-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.1.3-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.1.3-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.1.3-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2270":{"scope":"local","description":"Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2271":{"debianbug":823620,"scope":"local","description":"VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-8594":{"debianbug":770230,"scope":"remote","description":"The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).","releases":{"buster":{"fixed_version":"4.4.1-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1442":{"scope":"local","description":"Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-8595":{"debianbug":770230,"scope":"local","description":"arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.","releases":{"buster":{"fixed_version":"4.4.1-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.1-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-4163":{"debianbug":795721,"scope":"local","description":"GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4164":{"debianbug":795721,"scope":"local","description":"The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7311":{"debianbug":823620,"scope":"local","description":"libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-12855":{"scope":"local","description":"Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-5525":{"scope":"local","description":"The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-2934":{"scope":"local","description":"Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.","releases":{"buster":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"TEMP-0000000-09CDD1":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2016-7154":{"scope":"local","description":"Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u7","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-1950":{"scope":"local","description":"Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1563":{"debianbug":776319,"scope":"local","description":"The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.","releases":{"buster":{"fixed_version":"4.4.1-7","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.4.1-7","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.4.1-7","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.4.1-7","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2915":{"scope":"remote","description":"Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-2195":{"scope":"local","description":"The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to \"pointer dereferences\" involving unexpected calculations.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2194":{"scope":"local","description":"Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4375":{"scope":"remote","description":"The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-2076":{"scope":"remote","description":"Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056.  NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2196":{"scope":"local","description":"Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to \"other problems\" that are not CVE-2013-2194 or CVE-2013-2195.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4494":{"scope":"remote","description":"Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4370":{"scope":"local","description":"The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4371":{"scope":"local","description":"Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running \"under memory pressure,\" returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4111":{"scope":"remote","description":"Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2599":{"debianbug":757724,"scope":"local","description":"The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2072":{"scope":"remote","description":"Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-3262":{"scope":"local","description":"tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\"","releases":{"buster":{"fixed_version":"4.1.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-12127":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2013-2078":{"scope":"local","description":"Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7228":{"debianbug":859560,"scope":"local","description":"An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.","releases":{"buster":{"fixed_version":"4.8.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2077":{"scope":"remote","description":"Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.2.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0268":{"scope":"local","description":"The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5154":{"debianbug":793811,"scope":"local","description":"Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12126":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2013-0215":{"scope":"remote","description":"oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-10982":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10981":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.","releases":{"buster":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1898":{"scope":"remote","description":"Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\"","releases":{"buster":{"fixed_version":"4.1.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0860565-9E8C4B":{"debianbug":860565,"releases":{"buster":{"fixed_version":"4.8.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts1-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"4.8.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-17044":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17045":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-17046":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4883":{"scope":"remote","description":"resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10013":{"debianbug":848713,"scope":"local","description":"Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.","releases":{"buster":{"fixed_version":"4.8.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u9","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1432":{"scope":"remote","description":"Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"4.3.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.3.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.3.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-6268":{"scope":"local","description":"The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3672":{"scope":"local","description":"The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6075":{"debianbug":696051,"scope":"remote","description":"Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.","releases":{"buster":{"fixed_version":"4.1.3-8","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-8","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-8","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.3-8","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12130":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"TEMP-0000000-A28E7B":{"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2012-3496":{"debianbug":686764,"scope":"local","description":"XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10919":{"scope":"remote","description":"Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"No backport available, limited to arm","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3495":{"debianbug":686764,"scope":"local","description":"The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3498":{"debianbug":686764,"scope":"local","description":"PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3497":{"debianbug":686764,"scope":"local","description":"(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.","releases":{"buster":{"fixed_version":"4.1.4-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.1.4-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.1.4-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.1.4-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10916":{"scope":"remote","description":"The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10915":{"scope":"remote","description":"The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10918":{"scope":"remote","description":"Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10917":{"scope":"remote","description":"Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1583":{"scope":"local","description":"Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.","releases":{"buster":{"fixed_version":"4.1.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.1.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.1.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.1.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-1642":{"scope":"local","description":"The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4356":{"scope":"remote","description":"Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7188":{"scope":"remote","description":"The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4355":{"scope":"local","description":"Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10912":{"scope":"remote","description":"Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10914":{"scope":"remote","description":"The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10913":{"scope":"remote","description":"The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3494":{"debianbug":686764,"scope":"local","description":"The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.","releases":{"buster":{"fixed_version":"4.1.3-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3-2","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3-2","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3620":{"scope":"local","description":"Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.","releases":{"buster":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"open"},"sid":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15470":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 \"Operations on data structures\" of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.","releases":{"buster":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5244":{"scope":"local","description":"In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4361":{"scope":"local","description":"The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4369":{"scope":"local","description":"The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the \"@\" character as the VIF rate configuration.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4368":{"scope":"local","description":"The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-15597":{"scope":"remote","description":"An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-7540":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15596":{"scope":"local","description":"An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.","releases":{"buster":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u10","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.1-1+deb9u3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7541":{"scope":"local","description":"An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15468":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.","releases":{"buster":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7542":{"scope":"local","description":"An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.","releases":{"buster":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8550":{"debianbug":809229,"scope":"local","description":"Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15469":{"scope":"local","description":"An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).","releases":{"buster":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts4-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.11.1~pre.20180911.5acdd26fdc+dfsg-2","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5165":{"debianbug":794610,"scope":"remote","description":"The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8555":{"debianbug":823620,"scope":"remote","description":"Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5166":{"debianbug":794611,"scope":"local","description":"Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8554":{"scope":"local","description":"Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a \"write path.\"","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11091":{"debianbug":929067,"releases":{"buster":{"repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"},"stretch":{"repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"not yet assigned","status":"open"},"jessie":{"repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"not yet assigned","status":"open"},"sid":{"repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"not yet assigned","status":"open"}}}}
{"CVE-2015-7813":{"scope":"local","description":"Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-7812":{"scope":"local","description":"The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7814":{"scope":"local","description":"Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.","releases":{"buster":{"fixed_version":"4.6.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.6.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.6.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15595":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3125":{"scope":"remote","description":"Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15594":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6259":{"scope":"local","description":"Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2625":{"debianbug":688125,"scope":"remote","description":"The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.","releases":{"buster":{"fixed_version":"4.1.3-4","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.1.3-4","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.1.3-4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.1.3-4","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-15593":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3124":{"debianbug":757724,"scope":"remote","description":"The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.","releases":{"buster":{"fixed_version":"4.4.1-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6258":{"scope":"local","description":"The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15592":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts3-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-15591":{"scope":"local","description":"An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15590":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15589":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-15588":{"scope":"local","description":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.","releases":{"buster":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.4lts2-0+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.2+xsa245-0+deb9u1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8340":{"debianbug":823620,"scope":"local","description":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8341":{"debianbug":823620,"scope":"remote","description":"The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8104":{"debianbug":823620,"scope":"local","description":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3214":{"debianbug":795461,"scope":"local","description":"The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3456":{"debianbug":785424,"scope":"remote","description":"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8339":{"debianbug":823620,"scope":"local","description":"The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u4","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8338":{"debianbug":823620,"scope":"local","description":"Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.","releases":{"buster":{"fixed_version":"4.8.0~rc3-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.8.0~rc3-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u6","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.8.0~rc3-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-3495":{"scope":"local","description":"The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-7156":{"scope":"remote","description":"The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0218":{"scope":"local","description":"Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.","releases":{"buster":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-0217":{"debianbug":677297,"scope":"local","description":"The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application.  NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.","releases":{"buster":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1.3~rc1+hg-20120614.a9c0a89c08f2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7154":{"scope":"remote","description":"Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3209":{"debianbug":788460,"scope":"remote","description":"Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-9+deb8u1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7155":{"scope":"remote","description":"The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.","releases":{"buster":{"fixed_version":"4.4.1-3","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.1-3","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.1-3","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.1-3","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6400":{"scope":"remote","description":"Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4344":{"debianbug":725944,"scope":"local","description":"Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.","releases":{"buster":{"fixed_version":"4.2-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.2-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.2-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9637":{"scope":"local","description":"The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.","releases":{"buster":{"fixed_version":"4.4.0-1","repositories":{"buster":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.4.0-1","repositories":{"stretch-security":"4.8.5+shim4.10.2+xsa282-1+deb9u11","stretch":"4.8.5+shim4.10.2+xsa282-1+deb9u11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.4.0-1","repositories":{"jessie":"4.4.1-9+deb8u10","jessie-security":"4.4.4lts4-0+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.4.0-1","repositories":{"sid":"4.11.1+26-g87f51bf366-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-4562":{"scope":"remote","description":"Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"0.8.6-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"0.8.6-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-8132":{"debianbug":773577,"scope":"remote","description":"Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.","releases":{"buster":{"fixed_version":"0.6.3-4","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.3-4","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.3-4","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.3-4","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0176":{"debianbug":698963,"scope":"remote","description":"The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a \"Client: Diffie-Hellman Key Exchange Init\" packet.","releases":{"buster":{"fixed_version":"0.5.4-1","repositories":{"buster":"0.8.6-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.5.4-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.5.4-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.5.4-1","repositories":{"sid":"0.8.6-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-10933":{"debianbug":911149,"scope":"remote","description":"A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.","releases":{"buster":{"fixed_version":"0.8.4-1","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.3-2+deb9u1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.3-4+deb8u3","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.4-1","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6063":{"scope":"remote","description":"Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"0.8.6-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"0.8.6-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4559":{"scope":"remote","description":"Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4561":{"scope":"remote","description":"The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free \"an invalid pointer on an error path,\" which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0017":{"scope":"local","description":"The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.","releases":{"buster":{"fixed_version":"0.5.4-3","repositories":{"buster":"0.8.6-3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.5.4-3","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.5.4-3","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.5.4-3","repositories":{"sid":"0.8.6-3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0739":{"debianbug":815663,"scope":"remote","description":"libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"","releases":{"buster":{"fixed_version":"0.6.3-4.3","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.3-4.3","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.3-4+deb8u2","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.3-4.3","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4560":{"scope":"remote","description":"Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"0.5.3-1","repositories":{"buster":"0.8.6-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.5.3-1","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.5.3-1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.5.3-1","repositories":{"sid":"0.8.6-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3146":{"debianbug":784404,"scope":"remote","description":"The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.","releases":{"buster":{"fixed_version":"0.6.3-4.2","repositories":{"buster":"0.8.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.3-4.2","repositories":{"stretch-security":"0.7.3-2+deb9u1","stretch":"0.7.3-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.3-4+deb8u1","repositories":{"jessie":"0.6.3-4+deb8u2","jessie-security":"0.6.3-4+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.3-4.2","repositories":{"sid":"0.8.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9778":{"debianbug":865607,"scope":"remote","description":"GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.","releases":{"buster":{"repositories":{"buster":"8.2.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"7.12-6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.2.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-1704":{"scope":"local","description":"Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"6.3-6","repositories":{"buster":"8.2.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.3-6","repositories":{"stretch":"7.12-6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.3-6","repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.3-6","repositories":{"sid":"8.2.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8501":{"scope":"remote","description":"The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.","releases":{"buster":{"repositories":{"buster":"8.2.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"7.12-6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"8.2.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-1705":{"scope":"local","description":"gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.","releases":{"buster":{"fixed_version":"6.3-6","repositories":{"buster":"8.2.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"6.3-6","repositories":{"stretch":"7.12-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"6.3-6","repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"6.3-6","repositories":{"sid":"8.2.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4146":{"scope":"remote","description":"Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.","releases":{"buster":{"fixed_version":"7.3-1","repositories":{"buster":"8.2.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7.3-1","repositories":{"stretch":"7.12-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"7.3-1","repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.3-1","repositories":{"sid":"8.2.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9939":{"scope":"remote","description":"ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.","releases":{"buster":{"fixed_version":"7.10-1","repositories":{"buster":"8.2.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7.10-1","repositories":{"stretch":"7.12-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"7.10-1","repositories":{"sid":"8.2.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4355":{"scope":"local","description":"GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.","releases":{"buster":{"fixed_version":"7.6-1","repositories":{"buster":"8.2.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"7.6-1","repositories":{"stretch":"7.12-6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"7.6-1","repositories":{"jessie":"7.7.1+dfsg-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"7.6-1","repositories":{"sid":"8.2.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0685":{"scope":"remote","description":"Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.","releases":{"buster":{"fixed_version":"0.52-1","repositories":{"buster":"0.52-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.52-1","repositories":{"stretch":"0.52-10"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.52-1","repositories":{"jessie":"0.52-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.52-1","repositories":{"sid":"0.52-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-1566":{"scope":"remote","description":"netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.","releases":{"buster":{"fixed_version":"0.52-1","repositories":{"buster":"0.52-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.52-1","repositories":{"stretch":"0.52-10"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.52-1","repositories":{"jessie":"0.52-9"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.52-1","repositories":{"sid":"0.52-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9128":{"debianbug":864664,"scope":"remote","description":"The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2399":{"debianbug":855099,"scope":"remote","description":"Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.","releases":{"buster":{"fixed_version":"2:1.2.4-10","repositories":{"buster":"2:1.2.4-12"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:1.2.4-7+deb8u1","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:1.2.4-10","repositories":{"sid":"2:1.2.4-12"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9124":{"debianbug":864664,"scope":"remote","description":"The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9125":{"debianbug":864664,"scope":"remote","description":"The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12145":{"scope":"remote","description":"In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.","releases":{"buster":{"repositories":{"buster":"2:1.2.4-12"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:1.2.4-12"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9126":{"debianbug":864664,"scope":"remote","description":"The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9127":{"debianbug":864664,"scope":"remote","description":"The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12143":{"scope":"remote","description":"In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.","releases":{"buster":{"repositories":{"buster":"2:1.2.4-12"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2:1.2.4-12"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9122":{"debianbug":864664,"scope":"remote","description":"The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9123":{"debianbug":864664,"scope":"remote","description":"The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.","releases":{"buster":{"fixed_version":"2:1.2.4-11","repositories":{"buster":"2:1.2.4-12"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.4-10+deb9u1","repositories":{"stretch":"2:1.2.4-10+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2:1.2.4-7+deb8u1","jessie-security":"2:1.2.4-7+deb8u1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2:1.2.4-11","repositories":{"sid":"2:1.2.4-12"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-6678":{"debianbug":404233,"scope":"remote","description":"The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.","releases":{"buster":{"fixed_version":"1.15.3-1.1","repositories":{"buster":"1.16.1-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.15.3-1.1","repositories":{"stretch":"1.16.1-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.15.3-1.1","repositories":{"jessie":"1.16.1-1.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.15.3-1.1","repositories":{"sid":"1.16.1-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-0432":{"scope":"remote","description":"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.9.4-3","repositories":{"buster":"0.9.11~git20180601.5d7d16a-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.4-3","repositories":{"stretch":"0.9.8-12"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.4-3","repositories":{"jessie":"0.9.8-9"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.4-3","repositories":{"sid":"0.9.11~git20180601.5d7d16a-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-2277":{"debianbug":740670,"scope":"local","description":"The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.","releases":{"buster":{"fixed_version":"20130922-1","repositories":{"buster":"20180220-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"20130922-1","repositories":{"stretch":"20140328-2"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"20130922-1","repositories":{"jessie":"20140328-1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"20130922-1","repositories":{"sid":"20180220-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-10374":{"debianbug":862667,"scope":"local","description":"perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.","releases":{"buster":{"fixed_version":"20140328-2","repositories":{"buster":"20180220-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"20140328-2","repositories":{"stretch":"20140328-2"},"urgency":"low**","status":"resolved"},"jessie":{"nodsa":"Minor issue; can be fixed via point release","repositories":{"jessie":"20140328-1"},"urgency":"low**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"20140328-2","repositories":{"sid":"20180220-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2004-2215":{"scope":"local","description":"RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.","releases":{"buster":{"fixed_version":"3.8-1","repositories":{"buster":"9.22-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.8-1","repositories":{"stretch":"9.22-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.8-1","repositories":{"jessie":"9.20-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.8-1","repositories":{"sid":"9.22-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3121":{"debianbug":746593,"scope":"remote","description":"rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.","releases":{"buster":{"fixed_version":"9.20-1","repositories":{"buster":"9.22-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"9.20-1","repositories":{"stretch":"9.22-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"9.20-1","repositories":{"jessie":"9.20-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.20-1","repositories":{"sid":"9.22-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0764":{"scope":"remote","description":"Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.","releases":{"buster":{"fixed_version":"5.3-1","repositories":{"buster":"9.22-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"5.3-1","repositories":{"stretch":"9.22-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"5.3-1","repositories":{"jessie":"9.20-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.3-1","repositories":{"sid":"9.22-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0126":{"scope":"local","description":"rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.","releases":{"buster":{"fixed_version":"6.3-1","repositories":{"buster":"9.22-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"6.3-1","repositories":{"stretch":"9.22-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"6.3-1","repositories":{"jessie":"9.20-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"6.3-1","repositories":{"sid":"9.22-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2791":{"scope":"remote","description":"The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2792":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2793":{"scope":"remote","description":"CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2794":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2790":{"scope":"remote","description":"The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1522":{"scope":"remote","description":"Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.5-1","repositories":{"buster":"1.3.13-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-1","repositories":{"stretch":"1.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.5-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.5-1","repositories":{"sid":"1.3.13-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2799":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1521":{"scope":"remote","description":"The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.5-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.5-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.5-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1526":{"scope":"remote","description":"The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.5-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.5-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.5-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2795":{"scope":"remote","description":"The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2796":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2797":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1523":{"scope":"remote","description":"The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.5-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.5-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.5-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.5-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2798":{"scope":"remote","description":"The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1969":{"scope":"remote","description":"The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-7999":{"debianbug":892590,"scope":"remote","description":"In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.","releases":{"buster":{"fixed_version":"1.3.11-2","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.11-2","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7774":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7773":{"scope":"remote","description":"Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2800":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7772":{"scope":"remote","description":"Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2801":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7771":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2802":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7778":{"scope":"remote","description":"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1977":{"scope":"remote","description":"The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.","releases":{"buster":{"fixed_version":"1.3.6-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.6-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.6-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.6-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7777":{"scope":"remote","description":"Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7776":{"scope":"remote","description":"Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.","releases":{"buster":{"fixed_version":"1.3.10-1","repositories":{"buster":"1.3.13-7"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.3.10-1","repositories":{"stretch":"1.3.10-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.3.10-1~deb8u1","repositories":{"jessie":"1.3.10-1~deb8u1","jessie-security":"1.3.10-1~deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.3.10-1","repositories":{"sid":"1.3.13-7"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2709":{"debianbug":670256,"scope":"local","description":"libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.","releases":{"buster":{"fixed_version":"0.4-1","repositories":{"buster":"0.4-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4-1","repositories":{"stretch":"0.4-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4-1","repositories":{"jessie":"0.4-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4-1","repositories":{"sid":"0.4-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2079":{"debianbug":739536,"scope":"local","description":"X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.","releases":{"buster":{"fixed_version":"1.37-2","repositories":{"buster":"1.43.1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.37-2","repositories":{"stretch":"1.42-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.37-2","repositories":{"jessie":"1.37-4"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.37-2","repositories":{"sid":"1.43.1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-2185":{"debianbug":629003,"scope":"local","description":"Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.","releases":{"buster":{"fixed_version":"1.1.2-1","repositories":{"buster":"1.14.0-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.2-1","repositories":{"stretch":"1.13.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.2-1","repositories":{"jessie":"1.10.0-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.2-1","repositories":{"sid":"1.14.0-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3507":{"scope":"remote","description":"Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3508":{"scope":"remote","description":"The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3505":{"scope":"remote","description":"Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3506":{"scope":"remote","description":"d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3207":{"scope":"remote","description":"crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.","releases":{"buster":{"fixed_version":"1.0.0e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1945":{"scope":"remote","description":"The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.","releases":{"buster":{"fixed_version":"1.0.0e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.0e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.0e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.0e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3509":{"scope":"remote","description":"Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4252":{"scope":"remote","description":"OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0544":{"scope":"remote","description":"OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.","releases":{"buster":{"fixed_version":"0.9.7c","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7c","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7c","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7c","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0545":{"scope":"remote","description":"Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.","releases":{"buster":{"fixed_version":"0.9.7c","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.7c","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.7c","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.7c","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2409":{"debianbug":539895,"scope":"remote","description":"The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.","releases":{"buster":{"fixed_version":"0.9.8k-4","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-4","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-4","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-0221":{"debianbug":750665,"scope":"remote","description":"The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-0166":{"scope":"remote","description":"OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.","releases":{"buster":{"fixed_version":"0.9.8g-9","repositories":{"buster":"1.1.1b-2"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"0.9.8g-9","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"0.9.8g-9","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"0.9.8g-9","repositories":{"sid":"1.1.1b-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2003-0543":{"scope":"remote","description":"Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.","releases":{"buster":{"fixed_version":"0.9.7c","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7c","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7c","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7c","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0224":{"debianbug":750665,"scope":"remote","description":"OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3210":{"scope":"remote","description":"The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.","releases":{"buster":{"fixed_version":"1.0.0e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0800":{"scope":"remote","description":"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.","releases":{"buster":{"fixed_version":"1.0.0c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7250":{"scope":"remote","description":"The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.","releases":{"buster":{"fixed_version":"1.0.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0078":{"scope":"remote","description":"ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\"","releases":{"buster":{"fixed_version":"0.9.7a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7a-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7a-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-1543":{"scope":"remote","description":"ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c-dev (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k-dev (Affected 1.1.0-1.1.0j).","releases":{"buster":{"nodsa":"Minor issue, fix along in next 1.1.x","repositories":{"buster":"1.1.1b-2"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"stretch":{"nodsa":"Minor issue, fix along in future DSA","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"nodsa":"Minor issue, fix along in future DLA","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"sid":{"repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"open"}}}}
{"CVE-2009-0591":{"scope":"remote","description":"The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8176":{"scope":"remote","description":"The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-0590":{"debianbug":522002,"scope":"remote","description":"The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.","releases":{"buster":{"fixed_version":"0.9.8g-16","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8g-16","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8g-16","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8g-16","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-3864":{"scope":"remote","description":"Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.","releases":{"buster":{"fixed_version":"0.9.8o-3","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.8o-3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.8o-3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.8o-3","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0975":{"scope":"local","description":"The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"0.9.7e-3","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.9.7e-3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.9.7e-3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.9.7e-3","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-2969":{"debianbug":333500,"scope":"remote","description":"The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.","releases":{"buster":{"fixed_version":"0.9.8-3","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8-3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8-3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8-3","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-1559":{"scope":"remote","description":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).","releases":{"buster":{"fixed_version":"1.1.0b-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0b-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u11","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0b-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2686":{"debianbug":699889,"scope":"remote","description":"crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.","releases":{"buster":{"fixed_version":"1.0.1e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4576":{"scope":"remote","description":"The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.","releases":{"buster":{"fixed_version":"1.0.0f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4577":{"scope":"remote","description":"OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.","releases":{"buster":{"fixed_version":"1.0.0f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.0f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.0f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.0f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0891":{"debianbug":483379,"scope":"remote","description":"Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.9.8g-10.1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8g-10.1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8g-10.1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8g-10.1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8610":{"scope":"remote","description":"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.","releases":{"buster":{"fixed_version":"1.0.2j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u6","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0208":{"scope":"remote","description":"The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-5146":{"releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-0209":{"scope":"remote","description":"Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.","releases":{"buster":{"fixed_version":"1.0.1k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0206":{"scope":"remote","description":"Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0027":{"scope":"remote","description":"The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.","releases":{"buster":{"fixed_version":"1.0.0f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0207":{"scope":"remote","description":"The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0204":{"scope":"remote","description":"The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0205":{"scope":"remote","description":"The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4000":{"scope":"remote","description":"The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-3108":{"debianbug":438142,"scope":"local","description":"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.","releases":{"buster":{"fixed_version":"0.9.8e-6","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8e-6","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8e-6","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8e-6","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0112":{"scope":"remote","description":"The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.","releases":{"buster":{"fixed_version":"0.9.7d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7d-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2180":{"scope":"remote","description":"The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2181":{"scope":"remote","description":"The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2333":{"debianbug":672452,"scope":"remote","description":"Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.","releases":{"buster":{"fixed_version":"1.0.1c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1c-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4108":{"debianbug":645805,"scope":"remote","description":"The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.","releases":{"buster":{"fixed_version":"1.0.0f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.0f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.0f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.0f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-2939":{"debianbug":594415,"scope":"remote","description":"Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue.","releases":{"buster":{"fixed_version":"0.9.8o-2","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8o-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8o-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8o-2","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4109":{"scope":"remote","description":"Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.","releases":{"buster":{"fixed_version":"1.0.0c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-3738":{"debianbug":389940,"scope":"remote","description":"Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.","releases":{"buster":{"fixed_version":"0.9.8c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.8c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.8c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.8c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-7270":{"scope":"remote","description":"OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.","releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6303":{"scope":"remote","description":"Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6302":{"scope":"remote","description":"The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2182":{"scope":"remote","description":"The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6309":{"scope":"remote","description":"statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6308":{"scope":"remote","description":"statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0169":{"debianbug":699885,"scope":"remote","description":"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.","releases":{"buster":{"fixed_version":"1.0.1e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.1e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-6305":{"scope":"remote","description":"The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6304":{"scope":"remote","description":"Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6307":{"scope":"remote","description":"The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6306":{"scope":"remote","description":"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0166":{"debianbug":699889,"scope":"remote","description":"OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.","releases":{"buster":{"fixed_version":"1.0.1e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5407":{"scope":"local","description":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.","releases":{"buster":{"fixed_version":"1.1.1~~pre9-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.1.0j-1~deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u10","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.1.1~~pre9-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-1791":{"scope":"remote","description":"Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1792":{"scope":"remote","description":"The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1790":{"scope":"remote","description":"The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2176":{"scope":"remote","description":"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2177":{"scope":"remote","description":"OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2178":{"scope":"local","description":"The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2179":{"scope":"remote","description":"The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.","releases":{"buster":{"fixed_version":"1.0.2i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0799":{"scope":"remote","description":"The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0798":{"scope":"remote","description":"Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0797":{"scope":"remote","description":"Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1793":{"scope":"remote","description":"The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.","releases":{"buster":{"fixed_version":"1.0.2d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0433":{"scope":"remote","description":"The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1794":{"scope":"remote","description":"The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.","releases":{"buster":{"fixed_version":"1.0.2e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7053":{"scope":"remote","description":"In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.","releases":{"buster":{"fixed_version":"1.1.0c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0050":{"scope":"remote","description":"OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.","releases":{"buster":{"fixed_version":"1.0.0g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0g-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7054":{"scope":"remote","description":"In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.","releases":{"buster":{"fixed_version":"1.1.0c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2110":{"scope":"remote","description":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.","releases":{"buster":{"fixed_version":"1.0.1a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1a-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1a-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7052":{"scope":"remote","description":"crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.","releases":{"buster":{"fixed_version":"1.0.2j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5139":{"scope":"remote","description":"The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3510":{"scope":"remote","description":"The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3511":{"scope":"remote","description":"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7055":{"scope":"remote","description":"There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.","releases":{"buster":{"fixed_version":"1.1.0c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3512":{"scope":"remote","description":"Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.","releases":{"buster":{"fixed_version":"1.0.1i-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1i-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1i-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1i-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3513":{"scope":"remote","description":"Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.","releases":{"buster":{"fixed_version":"1.0.1j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1j-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5077":{"scope":"remote","description":"OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.","releases":{"buster":{"fixed_version":"0.9.8g-15","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8g-15","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8g-15","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8g-15","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7056":{"scope":"local","description":"A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.","releases":{"buster":{"fixed_version":"1.0.2a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.2a-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u6","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.2a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-3555":{"debianbug":704946,"scope":"remote","description":"The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.","releases":{"buster":{"fixed_version":"0.9.8k-6","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-6","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-6","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8k-6","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1379":{"debianbug":530400,"scope":"remote","description":"Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.","releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-0737":{"debianbug":895844,"scope":"remote","description":"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).","releases":{"buster":{"fixed_version":"1.1.0h-3","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0j-1~deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u9","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0h-3","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-1378":{"debianbug":530400,"scope":"remote","description":"Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka \"DTLS fragment handling memory leak.\"","releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-5095":{"debianbug":684527,"scope":"remote","description":"The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.","releases":{"buster":{"fixed_version":"0.9.8a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8a-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8a-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0739":{"scope":"remote","description":"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).","releases":{"buster":{"fixed_version":"1.1.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0f-3+deb9u2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u8","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1377":{"debianbug":530400,"scope":"remote","description":"The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\"","releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2842":{"scope":"remote","description":"The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-1788":{"scope":"remote","description":"The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0733":{"scope":"remote","description":"Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).","releases":{"buster":{"fixed_version":"1.1.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.1.0f-3+deb9u2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-1789":{"scope":"remote","description":"The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.","releases":{"buster":{"fixed_version":"1.0.2b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-0734":{"scope":"remote","description":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).","releases":{"buster":{"fixed_version":"1.1.1a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0j-1~deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"vulnerable code not present, but see note below","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"fixed_version":"1.1.1a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-6755":{"scope":"remote","description":"The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.  NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.","releases":{"buster":{"repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-0735":{"scope":"remote","description":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).","releases":{"buster":{"fixed_version":"1.1.1a-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0j-1~deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u10","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.1a-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1787":{"scope":"remote","description":"The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1633":{"scope":"remote","description":"RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-0732":{"scope":"remote","description":"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).","releases":{"buster":{"fixed_version":"1.1.1-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0j-1~deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u9","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.1-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-3197":{"scope":"remote","description":"ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.","releases":{"buster":{"fixed_version":"1.0.0c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3196":{"scope":"remote","description":"ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.","releases":{"buster":{"fixed_version":"1.0.2d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3195":{"scope":"remote","description":"The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.","releases":{"buster":{"fixed_version":"1.0.2e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3194":{"scope":"remote","description":"crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.","releases":{"buster":{"fixed_version":"1.0.2e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3193":{"scope":"remote","description":"The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.","releases":{"buster":{"fixed_version":"1.0.2e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0198":{"debianbug":747432,"scope":"remote","description":"The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.","releases":{"buster":{"fixed_version":"1.0.1g-4","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1g-4","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1g-4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1g-4","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0076":{"debianbug":742923,"scope":"local","description":"The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.","releases":{"buster":{"fixed_version":"1.0.1g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1g-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-6450":{"scope":"remote","description":"The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.","releases":{"buster":{"fixed_version":"1.0.1e-5","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-5","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1e-5","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0131":{"scope":"remote","description":"The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"","releases":{"buster":{"fixed_version":"0.9.7b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.7b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.7b-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.7b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-0656":{"scope":"remote","description":"Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.","releases":{"buster":{"fixed_version":"0.9.6e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.6e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.6e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.6e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-1386":{"debianbug":532037,"scope":"remote","description":"ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.","releases":{"buster":{"fixed_version":"0.9.8k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0655":{"scope":"remote","description":"OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"0.9.6e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.6e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.6e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.6e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-0657":{"scope":"remote","description":"Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.","releases":{"buster":{"fixed_version":"0.9.6e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.6e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.6e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.6e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-0659":{"scope":"remote","description":"The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.","releases":{"buster":{"fixed_version":"0.9.6e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.6e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.6e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.6e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0195":{"debianbug":750665,"scope":"remote","description":"The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-1387":{"debianbug":532037,"scope":"remote","description":"The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\"","releases":{"buster":{"fixed_version":"0.9.8k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-2131":{"scope":"remote","description":"Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-1165":{"debianbug":663642,"scope":"remote","description":"The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.","releases":{"buster":{"fixed_version":"1.0.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.0h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.0h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0147":{"scope":"remote","description":"OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal).","releases":{"buster":{"fixed_version":"0.9.7b-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7b-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7b-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7b-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4343":{"debianbug":389940,"scope":"remote","description":"The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.","releases":{"buster":{"fixed_version":"0.9.8c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3572":{"scope":"remote","description":"The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3570":{"scope":"remote","description":"The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3571":{"scope":"remote","description":"OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-5298":{"scope":"remote","description":"Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.","releases":{"buster":{"fixed_version":"1.0.1g-3","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.1g-3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.1g-3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.1g-3","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-4995":{"scope":"remote","description":"Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.","releases":{"buster":{"fixed_version":"0.9.8f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1378":{"scope":"remote","description":"OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-2234":{"scope":"remote","description":"A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3566":{"debianbug":765539,"scope":"remote","description":"The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.","releases":{"buster":{"fixed_version":"1.0.1j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1j-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3569":{"scope":"remote","description":"The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.  NOTE: this issue became relevant after the CVE-2014-3568 fix.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-4339":{"scope":"remote","description":"OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.","releases":{"buster":{"fixed_version":"0.9.8b-3","repositories":{"buster":"1.1.1b-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.9.8b-3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.9.8b-3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.9.8b-3","repositories":{"sid":"1.1.1b-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-3567":{"scope":"remote","description":"Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.","releases":{"buster":{"fixed_version":"1.0.1j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1j-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-4354":{"debianbug":650621,"scope":"remote","description":"crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.","releases":{"buster":{"fixed_version":"0.9.8o-4squeeze3","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8o-4squeeze3","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8o-4squeeze3","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8o-4squeeze3","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3568":{"scope":"remote","description":"OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.","releases":{"buster":{"fixed_version":"1.0.1j-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1j-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1j-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1j-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0884":{"scope":"remote","description":"The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.","releases":{"buster":{"fixed_version":"1.0.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.0h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.0h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-7575":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.","releases":{"buster":{"fixed_version":"1.0.1f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2940":{"debianbug":389940,"scope":"remote","description":"OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification.","releases":{"buster":{"fixed_version":"0.9.8c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.8c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.8c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.8c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-6449":{"debianbug":732754,"scope":"remote","description":"The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.","releases":{"buster":{"fixed_version":"1.0.1e-5","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-5","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1e-5","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0160":{"debianbug":743883,"scope":"remote","description":"The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.","releases":{"buster":{"fixed_version":"1.0.1g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1g-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0742":{"debianbug":584592,"scope":"remote","description":"The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.","releases":{"buster":{"fixed_version":"1.0.0e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.0e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.0e-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.0e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0740":{"debianbug":575607,"scope":"remote","description":"The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0.9.8n-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.9.8n-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.9.8n-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.9.8n-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-0285":{"scope":"remote","description":"The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0928":{"scope":"local","description":"OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"","releases":{"buster":{"repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-4619":{"scope":"remote","description":"The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.","releases":{"buster":{"fixed_version":"1.0.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2937":{"debianbug":389940,"scope":"remote","description":"OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.","releases":{"buster":{"fixed_version":"0.9.8c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.8c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.8c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.8c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5738":{"scope":"remote","description":"The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-4353":{"scope":"remote","description":"The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.","releases":{"buster":{"fixed_version":"1.0.1f-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1f-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1f-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1f-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0014":{"scope":"remote","description":"ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka \"OCSP stapling vulnerability.\"","releases":{"buster":{"fixed_version":"0.9.8o-5","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8o-5","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8o-5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8o-5","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-0653":{"debianbug":517791,"scope":"remote","description":"OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.","releases":{"buster":{"fixed_version":"0.9.8-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.8-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.8-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.8-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2000-1254":{"scope":"remote","description":"crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.","releases":{"buster":{"fixed_version":"0.9.6-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.6-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.6-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.6-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8275":{"scope":"remote","description":"OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.","releases":{"buster":{"fixed_version":"1.0.1k-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3245":{"debianbug":575433,"scope":"remote","description":"OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.","releases":{"buster":{"fixed_version":"0.9.8m-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8m-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8m-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8m-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0288":{"scope":"remote","description":"The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.","releases":{"buster":{"fixed_version":"1.0.1k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0289":{"scope":"remote","description":"The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.","releases":{"buster":{"fixed_version":"1.0.1k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0286":{"scope":"remote","description":"The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.","releases":{"buster":{"fixed_version":"1.0.1k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-5135":{"debianbug":444435,"scope":"remote","description":"Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.","releases":{"buster":{"fixed_version":"0.9.8e-9","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8e-9","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8e-9","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8e-9","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-0287":{"scope":"remote","description":"The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.","releases":{"buster":{"fixed_version":"1.0.1k-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1k-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1k-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0079":{"scope":"remote","description":"The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.","releases":{"buster":{"fixed_version":"0.9.7d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.7d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.7d-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.7d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3732":{"scope":"remote","description":"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.","releases":{"buster":{"fixed_version":"1.1.0d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0789":{"scope":"remote","description":"OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3731":{"scope":"remote","description":"If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.","releases":{"buster":{"fixed_version":"1.1.0d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u6","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3733":{"scope":"remote","description":"During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.","releases":{"buster":{"fixed_version":"1.1.0e-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0e-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0e-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3736":{"scope":"remote","description":"There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.","releases":{"buster":{"fixed_version":"1.1.0g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0f-3+deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3735":{"scope":"remote","description":"While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.","releases":{"buster":{"fixed_version":"1.1.0g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0f-3+deb9u1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1t-1+deb8u7","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.1.0g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3738":{"scope":"remote","description":"There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.","releases":{"buster":{"fixed_version":"1.1.0h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.0f-3+deb9u2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-3737":{"scope":"remote","description":"OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.","releases":{"buster":{"fixed_version":"1.1.0b-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0b-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0b-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2106":{"scope":"remote","description":"Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.","releases":{"buster":{"fixed_version":"1.0.2h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2946":{"debianbug":314465,"scope":"remote","description":"The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.","releases":{"buster":{"fixed_version":"0.9.8-1","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.9.8-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.9.8-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.9.8-1","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2107":{"scope":"remote","description":"The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.","releases":{"buster":{"fixed_version":"1.0.2h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.2h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.2h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2108":{"scope":"remote","description":"The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.","releases":{"buster":{"fixed_version":"1.0.2c-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2c-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2c-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2109":{"scope":"remote","description":"The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.","releases":{"buster":{"fixed_version":"1.0.2h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-3730":{"scope":"remote","description":"In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.","releases":{"buster":{"fixed_version":"1.1.0d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.0d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.1.0d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2105":{"scope":"remote","description":"Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.","releases":{"buster":{"fixed_version":"1.0.2h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.2h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.2h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4929":{"debianbug":689936,"scope":"remote","description":"The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack.","releases":{"buster":{"fixed_version":"1.0.1e-5","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.1e-5","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.1e-5","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.1e-5","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1568":{"scope":"remote","description":"OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.","releases":{"buster":{"fixed_version":"0.9.6g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.6g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.6g-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.6g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4355":{"scope":"remote","description":"Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.","releases":{"buster":{"fixed_version":"0.9.8k-8","repositories":{"buster":"1.1.1b-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.8k-8","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.8k-8","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.8k-8","repositories":{"sid":"1.1.1b-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-0081":{"scope":"remote","description":"OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.","releases":{"buster":{"fixed_version":"0.9.6d-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.6d-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.6d-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.6d-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3216":{"scope":"remote","description":"Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0293":{"scope":"remote","description":"The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.","releases":{"buster":{"fixed_version":"1.0.0c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0291":{"scope":"remote","description":"The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0292":{"scope":"remote","description":"Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0290":{"scope":"remote","description":"The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.1.1b-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1672":{"debianbug":483379,"scope":"remote","description":"OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses \"particular cipher suites,\" which triggers a NULL pointer dereference.","releases":{"buster":{"fixed_version":"0.9.8g-10.1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8g-10.1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8g-10.1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8g-10.1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4180":{"scope":"remote","description":"OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.","releases":{"buster":{"fixed_version":"0.9.8o-4","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.8o-4","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.8o-4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.8o-4","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3470":{"debianbug":750665,"scope":"remote","description":"The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.","releases":{"buster":{"fixed_version":"1.0.1h-1","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1h-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1h-1","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1h-1","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0701":{"scope":"remote","description":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.","releases":{"buster":{"fixed_version":"1.0.2f-2","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.2f-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.2f-2","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0705":{"scope":"remote","description":"Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0704":{"scope":"remote","description":"An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.","releases":{"buster":{"fixed_version":"1.0.0c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0703":{"scope":"remote","description":"The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.","releases":{"buster":{"fixed_version":"1.0.0c-2","repositories":{"buster":"1.1.1b-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0c-2","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0c-2","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0c-2","repositories":{"sid":"1.1.1b-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-0702":{"scope":"local","description":"The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.","releases":{"buster":{"fixed_version":"1.0.2g-1","repositories":{"buster":"1.1.1b-2"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.2g-1","repositories":{"stretch-security":"1.1.0j-1~deb9u1","stretch":"1.1.0j-1~deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.1k-3+deb8u4","repositories":{"jessie":"1.0.1t-1+deb8u8","jessie-security":"1.0.1t-1+deb8u11"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.2g-1","repositories":{"sid":"1.1.1b-2"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-5572":{"debianbug":694279,"scope":"remote","description":"CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.","releases":{"buster":{"fixed_version":"1.3114+dfsg-1","repositories":{"buster":"1.3500+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3114+dfsg-1","repositories":{"stretch":"1.3202+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3114+dfsg-1","repositories":{"jessie":"1.3132+dfsg-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3114+dfsg-1","repositories":{"sid":"1.3500+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-4617":{"debianbug":752497,"scope":"remote","description":"The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.","releases":{"jessie":{"fixed_version":"1.4.16-1.2","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0971":{"scope":"remote","description":"GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature.","releases":{"jessie":{"fixed_version":"1.2.4-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3746":{"debianbug":381204,"scope":"remote","description":"Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.","releases":{"jessie":{"fixed_version":"1.4.5-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-7526":{"scope":"remote","description":"libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.","releases":{"jessie":{"fixed_version":"1.4.18-7+deb8u4","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4351":{"debianbug":722722,"scope":"remote","description":"GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.","releases":{"jessie":{"fixed_version":"1.4.15-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-6313":{"debianbug":834893,"scope":"remote","description":"The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.","releases":{"jessie":{"fixed_version":"1.4.18-7+deb8u2","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0255":{"scope":"remote","description":"The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.","releases":{"jessie":{"fixed_version":"1.2.2","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0455":{"debianbug":353017,"scope":"local","description":"gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded.  Note: this also occurs when running the equivalent command \"gpg --verify\".","releases":{"jessie":{"fixed_version":"1.4.2.2-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-6235":{"debianbug":401894,"scope":"remote","description":"A \"stack overwrite\" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.","releases":{"jessie":{"fixed_version":"1.4.6-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"high","status":"resolved"}}}}
{"CVE-2013-4576":{"scope":"local","description":"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.","releases":{"jessie":{"fixed_version":"1.4.15-3","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2012-6085":{"debianbug":697108,"scope":"remote","description":"The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.","releases":{"jessie":{"fixed_version":"1.4.12-7","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6829":{"scope":"remote","description":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.","releases":{"jessie":{"repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-3082":{"debianbug":375052,"scope":"remote","description":"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.","releases":{"jessie":{"fixed_version":"1.4.3-2","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12020":{"debianbug":901088,"scope":"remote","description":"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.","releases":{"jessie":{"fixed_version":"1.4.18-7+deb8u5","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4242":{"debianbug":717880,"scope":"local","description":"GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.","releases":{"jessie":{"fixed_version":"1.4.14-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2008-1530":{"debianbug":472928,"scope":"remote","description":"GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers \"memory corruption around deduplication of user IDs.\"","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0107374-DF37E7":{"debianbug":107374,"releases":{"jessie":{"fixed_version":"1.0.7-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-0049":{"debianbug":356125,"scope":"remote","description":"gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.","releases":{"jessie":{"fixed_version":"1.4.2.2-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-3591":{"releases":{"jessie":{"fixed_version":"1.4.18-7","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-0837":{"releases":{"jessie":{"fixed_version":"1.4.18-7","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-4402":{"debianbug":725433,"scope":"remote","description":"The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.","releases":{"jessie":{"fixed_version":"1.4.15-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-1607":{"debianbug":778577,"releases":{"jessie":{"fixed_version":"1.4.18-7","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-6169":{"debianbug":400777,"scope":"remote","description":"Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with \"C-escape\" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.","releases":{"jessie":{"fixed_version":"1.4.5-3","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-1606":{"debianbug":778577,"releases":{"jessie":{"fixed_version":"1.4.18-7","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-1000858":{"scope":"remote","description":"GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1263":{"debianbug":413922,"scope":"remote","description":"GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.","releases":{"jessie":{"fixed_version":"1.4.6-2","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0366":{"scope":"remote","description":"The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.","releases":{"jessie":{"fixed_version":"1.4.1-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-5270":{"scope":"local","description":"Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.","releases":{"jessie":{"fixed_version":"1.4.16-1","repositories":{"jessie":"1.4.18-7+deb8u5","jessie-security":"1.4.18-7+deb8u5"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"jessie":{"fixed_version":"0.6.1-2","repositories":{"jessie":"0.6.3-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"jessie":{"fixed_version":"0.6.1-2","repositories":{"jessie":"0.6.3-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-11471":{"debianbug":928210,"scope":"remote","description":"libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.","releases":{"buster":{"repositories":{"buster":"1.3.2-1"},"urgency":"medium**","status":"open"},"sid":{"repositories":{"sid":"1.3.2-1"},"urgency":"medium**","status":"open"}}}}
{"TEMP-0506961-3C07AF":{"debianbug":506961,"releases":{"buster":{"fixed_version":"11.83-7.3","repositories":{"buster":"11.91-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"11.83-7.3","repositories":{"stretch":"11.90-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"11.83-7.3","repositories":{"jessie":"11.87-3+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"11.83-7.3","repositories":{"sid":"11.91-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-7560":{"scope":"local","description":"It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"5.0.4-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.0.4-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5037":{"debianbug":443913,"scope":"remote","description":"Buffer overflow in the inotifytools_snprintf function in src/inotifytools.c in the inotify-tools library before 3.11 allows context-dependent attackers to execute arbitrary code via a long filename.","releases":{"buster":{"fixed_version":"3.11-1","repositories":{"buster":"3.14-7"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.11-1","repositories":{"stretch":"3.14-2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.11-1","repositories":{"jessie":"3.14-1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.11-1","repositories":{"sid":"3.14-7"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-1759":{"scope":"local","description":"Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.","releases":{"buster":{"fixed_version":"2.0.1-2","repositories":{"buster":"2.0.8-9"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.1-2","repositories":{"stretch":"2.0.8-9"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.1-2","repositories":{"jessie":"2.0.8-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.1-2","repositories":{"sid":"2.0.8-9"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1751":{"debianbug":311206,"scope":"local","description":"Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.","releases":{"buster":{"fixed_version":"2.0.1-2","repositories":{"buster":"2.0.8-9"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.1-2","repositories":{"stretch":"2.0.8-9"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.1-2","repositories":{"jessie":"2.0.8-6"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.1-2","repositories":{"sid":"2.0.8-9"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-8331":{"scope":"remote","description":"In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.","releases":{"buster":{"fixed_version":"4.3.1+dfsg2-1","repositories":{"buster":"4.3.1+dfsg2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.1+dfsg2-1","repositories":{"sid":"4.3.1+dfsg2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10735":{"scope":"remote","description":"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.3.1+dfsg2-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.3.1+dfsg2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16471":{"debianbug":913005,"scope":"remote","description":"There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.","releases":{"buster":{"fixed_version":"1.6.4-6","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.4-4+deb9u1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.2-3+deb8u2","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.4-6","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0262":{"debianbug":700173,"scope":"remote","description":"rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","releases":{"buster":{"fixed_version":"1.4.1-2.1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-2.1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2.1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-2.1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-6109":{"debianbug":698440,"scope":"remote","description":"lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","releases":{"buster":{"fixed_version":"1.4.1-2.1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-2.1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2.1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-2.1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16470":{"debianbug":913003,"scope":"remote","description":"There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.0.6-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.0.6-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0263":{"debianbug":700226,"scope":"remote","description":"Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.","releases":{"buster":{"fixed_version":"1.4.1-2.1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-2.1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2.1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-2.1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0183":{"debianbug":698440,"scope":"remote","description":"multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.","releases":{"buster":{"fixed_version":"1.4.1-2.1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-2.1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2.1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-2.1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0184":{"debianbug":698440,"scope":"remote","description":"Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"","releases":{"buster":{"fixed_version":"1.4.1-2.1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.1-2.1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.1-2.1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.1-2.1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3225":{"debianbug":789311,"scope":"remote","description":"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","releases":{"buster":{"fixed_version":"1.5.2-4","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.2-4","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.5.2-3+deb8u1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.2-4","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-5036":{"debianbug":653963,"scope":"remote","description":"Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","releases":{"buster":{"fixed_version":"1.4.0-1","repositories":{"buster":"2.0.6-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.4.0-1","repositories":{"stretch":"1.6.4-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.4.0-1","repositories":{"jessie":"1.5.2-3+deb8u1","jessie-security":"1.5.2-3+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.4.0-1","repositories":{"sid":"2.0.6-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3461":{"debianbug":918956,"scope":"local","description":"Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.","releases":{"buster":{"fixed_version":"1.6.14","repositories":{"buster":"1.6.14"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.13+nmu1+deb9u1","repositories":{"stretch-security":"1.6.13+nmu1+deb9u1","stretch":"1.6.13+nmu1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.13+nmu1+deb8u1","repositories":{"jessie":"1.6.13+nmu1","jessie-security":"1.6.13+nmu1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.14","repositories":{"sid":"1.6.14"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8962":{"debianbug":770918,"scope":"remote","description":"Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.","releases":{"buster":{"fixed_version":"1.3.0-3","repositories":{"buster":"1.3.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.0-3","repositories":{"stretch":"1.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.0-3","repositories":{"jessie":"1.3.0-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.0-3","repositories":{"sid":"1.3.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9028":{"debianbug":770918,"scope":"remote","description":"Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.","releases":{"buster":{"fixed_version":"1.3.0-3","repositories":{"buster":"1.3.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.3.0-3","repositories":{"stretch":"1.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.3.0-3","repositories":{"jessie":"1.3.0-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.3.0-3","repositories":{"sid":"1.3.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-4619":{"scope":"remote","description":"Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.2-3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.3.2-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.3.0-3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.2-3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-6888":{"debianbug":897015,"scope":"remote","description":"An error in the \"read_metadata_vorbiscomment_()\" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.","releases":{"buster":{"fixed_version":"1.3.2-2","repositories":{"buster":"1.3.2-3"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.3.2-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.3.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.3.2-2","repositories":{"sid":"1.3.2-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-6277":{"scope":"remote","description":"Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow.  NOTE: some of these issues may overlap CVE-2007-4619.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.2-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.3.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.3.0-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.2-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-6278":{"scope":"remote","description":"Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.2-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.3.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.3.0-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-6279":{"scope":"remote","description":"Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.3.2-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.2.1-1","repositories":{"stretch":"1.3.2-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.2.1-1","repositories":{"jessie":"1.3.0-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.3.2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-7723":{"debianbug":803517,"scope":"local","description":"AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.","releases":{"jessie":{"nodsa":"Non-free not supported","fixed_version":"1:15.7-1","repositories":{"jessie":"1:15.9-4~deb8u2"},"urgency":"high**","nodsa_reason":"","status":"resolved"}}}}
{"CVE-2015-7724":{"debianbug":803517,"scope":"local","description":"AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.","releases":{"jessie":{"nodsa":"Non-free not supported","fixed_version":"1:15.9-1","repositories":{"jessie":"1:15.9-4~deb8u2"},"urgency":"high**","nodsa_reason":"","status":"resolved"}}}}
{"TEMP-0625868-9433A0":{"debianbug":625868,"releases":{"jessie":{"fixed_version":"1:11-6-3","repositories":{"jessie":"1:15.9-4~deb8u2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-14505":{"debianbug":904293,"scope":"remote","description":"mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.","releases":{"buster":{"fixed_version":"3.0.4-1","repositories":{"buster":"4.0.4-5"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.18.2-6"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.10.1-2"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"3.0.4-1","repositories":{"sid":"4.0.4-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"1.6.5-1.2","repositories":{"buster":"1.6.8-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.5-1.2","repositories":{"stretch":"1.6.8-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.5-1.2","repositories":{"jessie":"1.6.8-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.5-1.2","repositories":{"sid":"1.6.8-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.6.8-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.6.8-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.6.8-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.6.8-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-1753":{"scope":"local","description":"Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified \"result file.\"","releases":{"buster":{"fixed_version":"0.1.7.deb-3","repositories":{"buster":"1.0.4.deb-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.1.7.deb-3","repositories":{"stretch":"1.0.4.deb-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.1.7.deb-3","repositories":{"jessie":"1.0.0~rc22.deb-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.1.7.deb-3","repositories":{"sid":"1.0.4.deb-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3822":{"debianbug":858213,"scope":"remote","description":"exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.","releases":{"buster":{"fixed_version":"1:3.00-4","repositories":{"buster":"1:3.00-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.00-4","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.97-1+deb8u1","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.00-4","repositories":{"sid":"1:3.03-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6612":{"debianbug":889272,"scope":"remote","description":"An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact.","releases":{"buster":{"fixed_version":"1:3.00-6","repositories":{"buster":"1:3.00-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:3.00-6","repositories":{"sid":"1:3.03-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4640":{"debianbug":504194,"scope":"local","description":"The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character.","releases":{"buster":{"fixed_version":"2.85-1","repositories":{"buster":"1:3.00-8"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.85-1","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.85-1","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.85-1","repositories":{"sid":"1:3.03-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-17088":{"debianbug":907925,"scope":"remote","description":"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability.","releases":{"buster":{"fixed_version":"1:3.00-8","repositories":{"buster":"1:3.00-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.00-4+deb9u1","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:3.00-8","repositories":{"sid":"1:3.03-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4575":{"debianbug":502353,"scope":"remote","description":"Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\"","releases":{"buster":{"fixed_version":"2.84-1","repositories":{"buster":"1:3.00-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.84-1","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.84-1","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.84-1","repositories":{"sid":"1:3.03-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4641":{"debianbug":503645,"scope":"remote","description":"The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.","releases":{"buster":{"fixed_version":"2.84-2","repositories":{"buster":"1:3.00-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.84-2","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.84-2","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.84-2","repositories":{"sid":"1:3.03-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-16554":{"debianbug":908176,"scope":"remote","description":"The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.","releases":{"buster":{"fixed_version":"1:3.00-8","repositories":{"buster":"1:3.00-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.00-4+deb9u1","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:3.00-8","repositories":{"sid":"1:3.03-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4639":{"scope":"local","description":"jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.","releases":{"buster":{"fixed_version":"2.84-1","repositories":{"buster":"1:3.00-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.84-1","repositories":{"stretch":"1:3.00-4+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.84-1","repositories":{"jessie":"1:2.97-1+deb8u1","jessie-security":"1:2.97-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.84-1","repositories":{"sid":"1:3.03-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-1905":{"debianbug":363370,"scope":"remote","description":"Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.","releases":{"buster":{"fixed_version":"0.99.4-1","repositories":{"buster":"0.99.9-1.3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.99.4-1","repositories":{"stretch":"0.99.9-1.3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.99.4-1","repositories":{"jessie":"0.99.9-1.2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.99.4-1","repositories":{"sid":"0.99.9-1.3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-2230":{"debianbug":363370,"scope":"remote","description":"Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905.  In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.","releases":{"buster":{"fixed_version":"0.99.4-2","repositories":{"buster":"0.99.9-1.3"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.99.4-2","repositories":{"stretch":"0.99.9-1.3"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"0.99.4-2","repositories":{"jessie":"0.99.9-1.2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.99.4-2","repositories":{"sid":"0.99.9-1.3"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-1951":{"scope":"remote","description":"xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.","releases":{"buster":{"fixed_version":"0.99.1","repositories":{"buster":"0.99.9-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.99.1","repositories":{"stretch":"0.99.9-1.3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.99.1","repositories":{"jessie":"0.99.9-1.2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.99.1","repositories":{"sid":"0.99.9-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0372":{"scope":"local","description":"xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.","releases":{"buster":{"fixed_version":"0.99.1-1","repositories":{"buster":"0.99.9-1.3"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.99.1-1","repositories":{"stretch":"0.99.9-1.3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.99.1-1","repositories":{"jessie":"0.99.9-1.2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.99.1-1","repositories":{"sid":"0.99.9-1.3"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-0254":{"debianbug":407369,"scope":"remote","description":"Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.","releases":{"buster":{"fixed_version":"0.99.4+dfsg+cvs20061111-1","repositories":{"buster":"0.99.9-1.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.99.4+dfsg+cvs20061111-1","repositories":{"stretch":"0.99.9-1.3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.99.4+dfsg+cvs20061111-1","repositories":{"jessie":"0.99.9-1.2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.99.4+dfsg+cvs20061111-1","repositories":{"sid":"0.99.9-1.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-6891":{"debianbug":863186,"scope":"remote","description":"Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.","releases":{"buster":{"fixed_version":"4.10-1.1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.10-1.1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2-3+deb8u3","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.10-1.1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2806":{"scope":"remote","description":"Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.","releases":{"buster":{"fixed_version":"4.2-3","repositories":{"buster":"4.13-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2-3","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.2-3","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.2-3","repositories":{"sid":"4.13-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10790":{"debianbug":867398,"scope":"remote","description":"The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.","releases":{"buster":{"fixed_version":"4.12-2.1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.10-1.1+deb9u1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.12-2.1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6003":{"scope":"remote","description":"An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.","releases":{"buster":{"fixed_version":"4.13-2","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.10-1.1+deb9u1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.13-2","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4008":{"scope":"remote","description":"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.","releases":{"buster":{"fixed_version":"4.8-1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.8-1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2-3+deb8u2","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.8-1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3467":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.","releases":{"buster":{"fixed_version":"3.6-1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6-1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6-1","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6-1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3622":{"scope":"remote","description":"The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.","releases":{"buster":{"fixed_version":"4.4-3","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.4-3","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.2-3+deb8u1","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.4-3","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3468":{"scope":"remote","description":"The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.","releases":{"buster":{"fixed_version":"3.6-1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6-1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6-1","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6-1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000654":{"debianbug":906768,"scope":"remote","description":"GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.","releases":{"buster":{"repositories":{"buster":"4.13-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.13-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-3469":{"scope":"remote","description":"The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.","releases":{"buster":{"fixed_version":"3.6-1","repositories":{"buster":"4.13-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.6-1","repositories":{"stretch-security":"4.10-1.1+deb9u1","stretch":"4.10-1.1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.6-1","repositories":{"jessie":"4.2-3+deb8u3","jessie-security":"4.2-3+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.6-1","repositories":{"sid":"4.13-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0593829-E6A4BC":{"debianbug":593829,"releases":{"buster":{"fixed_version":"0.5.4-1","repositories":{"buster":"2.3.6+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.5.4-1","repositories":{"stretch":"1.1.1+dfsg-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.5.4-1","repositories":{"jessie":"0.7.18-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.5.4-1","repositories":{"sid":"2.3.6+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4972":{"debianbug":828062,"scope":"remote","description":"OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.","releases":{"buster":{"fixed_version":"0.8.3-4","repositories":{"buster":"1.1.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.3-4","repositories":{"stretch":"0.11.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.8.3-4","repositories":{"sid":"1.1.1-2"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0105562-0FE13B":{"debianbug":105562,"releases":{"buster":{"fixed_version":"2.91-2.1","repositories":{"buster":"2.94-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.91-2.1","repositories":{"stretch":"2.94-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.91-2.1","repositories":{"jessie":"2.94-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.91-2.1","repositories":{"sid":"2.94-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3155":{"debianbug":692035,"scope":"remote","description":"Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.","releases":{"stretch":{"nodsa":"Only used a build dep, specific details withheld","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"jessie":{"repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"end-of-life","status":"open"}}}}
{"CVE-2012-0081":{"scope":"local","description":"Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4744":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-3564":{"scope":"local","description":"Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3247":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3249":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3626":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5528":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0453":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10393":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0104":{"scope":"remote","description":"Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-14324":{"scope":"remote","description":"The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a \"jmx_rmi remote monitoring and control problem.\" NOTE: this is not an Oracle supported product.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000029":{"scope":"remote","description":"Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-3827":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2623":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1508":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000028":{"scope":"remote","description":"Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4438":{"scope":"local","description":"Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3607":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-3608":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4899":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3239":{"scope":"local","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5477":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10391":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-5035":{"scope":"remote","description":"Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-3250":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-1000030":{"scope":"remote","description":"Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10400":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5519":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-0441":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10385":{"scope":"remote","description":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0551":{"scope":"remote","description":"Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5816":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Metro.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2012-0550":{"scope":"remote","description":"Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-0396":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-1515":{"scope":"remote","description":"Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.1.1-b31g+dfsg1-4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.1-b31g+dfsg1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-14178":{"scope":"remote","description":"In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.","releases":{"buster":{"fixed_version":"2.30-1","repositories":{"buster":"2.37.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.21-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.30-1","repositories":{"sid":"2.37.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-7304":{"scope":"remote","description":"Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.","releases":{"buster":{"fixed_version":"2.37.1-1","repositories":{"buster":"2.37.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.21-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.37.1-1","repositories":{"sid":"2.37.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-11502":{"debianbug":928052,"scope":"remote","description":"snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.","releases":{"buster":{"repositories":{"buster":"2.37.4-1"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.21-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.37.4-1"},"urgency":"low","status":"open"}}}}
{"CVE-2019-11503":{"debianbug":928052,"scope":"remote","description":"snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a \"cwd restore permission bypass.\"","releases":{"buster":{"repositories":{"buster":"2.37.4-1"},"urgency":"low","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.21-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.37.4-1"},"urgency":"low","status":"open"}}}}
{"CVE-2019-7303":{"scope":"remote","description":"A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.","releases":{"buster":{"fixed_version":"2.37.4-1","repositories":{"buster":"2.37.4-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.21-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.37.4-1","repositories":{"sid":"2.37.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-2686":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2685":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2690":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2451":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2450":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0495":{"scope":"remote","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.36-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3091":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2574":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3090":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2696":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5545":{"scope":"remote","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3309":{"releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-2845":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2842":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2688":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2687":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2844":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2843":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2689":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3221":{"debianbug":690777,"scope":"local","description":"Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core.  NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"incorrect interrupt handling.\"","releases":{"jessie":{"fixed_version":"4.1.18-dfsg-1.1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.18-dfsg-1.1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2694":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2690":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2487":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-5892":{"debianbug":735410,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.6-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2488":{"debianbug":754939,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.12-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.12-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-0981":{"debianbug":741602,"scope":"local","description":"VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.","releases":{"jessie":{"fixed_version":"4.3.10-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10392":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.30-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2486":{"debianbug":754939,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2477.","releases":{"jessie":{"fixed_version":"4.3.12-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.12-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-3597":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.1.4-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-0983":{"debianbug":741602,"scope":"local","description":"Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.","releases":{"jessie":{"fixed_version":"4.3.10-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3538":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2500":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2489":{"debianbug":754939,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.12-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.12-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5715":{"debianbug":886532,"scope":"local","description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2504":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-4261":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5538":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-2501":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2508":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2505":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2506":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10428":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.30-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3309":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.22-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2509":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0111":{"debianbug":659950,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.","releases":{"jessie":{"fixed_version":"4.1.8-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2698":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2477":{"debianbug":754939,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.","releases":{"jessie":{"fixed_version":"4.3.12-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.12-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2511":{"scope":"remote","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0592":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.36-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.0.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-0427":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3005":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3088":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4856":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.30-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.0-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3089":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5307":{"debianbug":823620,"scope":"local","description":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.","releases":{"jessie":{"fixed_version":"4.3.36-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3086":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3087":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3085":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3558":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3316":{"scope":"remote","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2521":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3559":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2522":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2520":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2525":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2526":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2523":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2524":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10240":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0418":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.","releases":{"jessie":{"fixed_version":"4.3.2-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.2-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-10242":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2527":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10241":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3612":{"scope":"remote","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.0.22-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2835":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2837":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10408":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.30-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2836":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10407":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.30-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2831":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-0377":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.","releases":{"jessie":{"fixed_version":"4.3.2-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.2-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2830":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2676":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10129":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3297":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3055":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-3298":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3295":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3296":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3293":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3294":{"scope":"remote","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3291":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3292":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3290":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10233":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2657":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10235":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3561":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2656":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3563":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5501":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0913137-22A98C":{"debianbug":913137,"releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.22-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-10237":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10236":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10239":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10238":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-3792":{"debianbug":715327,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.2.16-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.2.16-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-5610":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-4228":{"debianbug":754939,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.","releases":{"jessie":{"fixed_version":"4.3.12-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.12-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2548":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7183":{"scope":"remote","description":"Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.","releases":{"jessie":{"fixed_version":"4.3.36-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"5.0.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-3332":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Integrity and Availability impacts).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0602":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\"","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5611":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3576":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2703":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10187":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3575":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-5613":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-3290":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability impacts).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.14-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2860":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2554":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2555":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2552":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2553":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2679":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6595":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-2909":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5605":{"scope":"remote","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.4-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10210":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2556":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2678":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-0678":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.0.18-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3587":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6590":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-8104":{"debianbug":823620,"scope":"local","description":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.","releases":{"jessie":{"fixed_version":"4.3.36-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5608":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-3456":{"debianbug":785424,"scope":"remote","description":"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-3+deb8u2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.3.28-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0404":{"debianbug":735410,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.","releases":{"jessie":{"fixed_version":"4.3.6-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-2594":{"debianbug":792446,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.30-dfsg-1+deb8u1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.3.30-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2305":{"scope":"local","description":"Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.","releases":{"jessie":{"fixed_version":"4.0.10-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.10-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4896":{"scope":"remote","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.32-dfsg-1+deb8u2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.0.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3288":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0406":{"debianbug":735410,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.","releases":{"jessie":{"fixed_version":"4.3.6-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-3289":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-3287":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0407":{"debianbug":735410,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.","releases":{"jessie":{"fixed_version":"4.3.6-dfsg-1","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.3.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4813":{"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.","releases":{"jessie":{"fixed_version":"4.3.32-dfsg-1+deb8u2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.0.8-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2680":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-3513":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.20-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6588":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2014-6589":{"debianbug":775888,"scope":"local","description":"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.","releases":{"jessie":{"fixed_version":"4.3.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.3.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-0420":{"debianbug":698292,"scope":"local","description":"Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core.  NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to \"draw more lines than necessary.\"","releases":{"jessie":{"fixed_version":"4.1.18-dfsg-2","repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.1.18-dfsg-2","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2723":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2448":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2721":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-2446":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.2.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-2722":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"6.0.6-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10209":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-10204":{"scope":"local","description":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).","releases":{"jessie":{"repositories":{"jessie":"4.3.36-dfsg-1+deb8u1","jessie-security":"4.3.36-dfsg-1+deb8u1"},"urgency":"end-of-life","status":"open"},"sid":{"fixed_version":"5.1.24-dfsg-1","repositories":{"sid":"6.0.8-dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8315":{"scope":"remote","description":"The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.1.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.1.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0827346-22ED59":{"debianbug":760455,"releases":{"buster":{"fixed_version":"1:1.15-3","repositories":{"buster":"1:1.15.1-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:1.15-3","repositories":{"stretch":"1:1.15-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:1.15-3","repositories":{"sid":"1:1.15.1-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1341":{"debianbug":281655,"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.","releases":{"buster":{"fixed_version":"1.2.2.9-23","repositories":{"buster":"1.2.2.9-24"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.2.2.9-23","repositories":{"stretch":"1.2.2.9-24"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.2.2.9-23","repositories":{"jessie":"1.2.2.9-24"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.2.9-23","repositories":{"sid":"1.2.2.9-24"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0827346-22ED59":{"debianbug":760455,"releases":{"jessie":{"fixed_version":"1:1.14.1-4+deb8u1","repositories":{"jessie":"1:1.14.1-4+deb8u1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2011-2732":{"debianbug":670901,"scope":"remote","description":"CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.","releases":{"jessie":{"fixed_version":"2.0.7.RELEASE-1","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15801":{"scope":"remote","description":"Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-1258":{"scope":"remote","description":"Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2731":{"debianbug":670901,"scope":"remote","description":"Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.","releases":{"jessie":{"fixed_version":"2.0.7.RELEASE-1","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2894":{"debianbug":670901,"scope":"remote","description":"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.","releases":{"jessie":{"fixed_version":"2.0.7.RELEASE-1","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3795":{"scope":"remote","description":"Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.","releases":{"jessie":{"fixed_version":"2.0.7.RELEASE-3+deb8u1","repositories":{"jessie":"2.0.7.RELEASE-3","jessie-security":"2.0.7.RELEASE-3+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2312":{"debianbug":814355,"scope":"local","description":"Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.","releases":{"buster":{"fixed_version":"4:5.4.3-2","repositories":{"buster":"4:5.14.5.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4:5.4.3-2","repositories":{"stretch-security":"4:5.8.6-2.1+deb9u1","stretch":"4:5.8.6-2.1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4:5.4.3-2","repositories":{"sid":"4:5.14.5.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-6791":{"scope":"local","description":"An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is \"$(touch b)\" -- this will create a file called b in the home folder.","releases":{"buster":{"fixed_version":"4:5.12.0-2","repositories":{"buster":"4:5.14.5.1-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4:5.8.6-2.1+deb9u1","repositories":{"stretch-security":"4:5.8.6-2.1+deb9u1","stretch":"4:5.8.6-2.1+deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4:5.12.0-2","repositories":{"sid":"4:5.14.5.1-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-6790":{"scope":"remote","description":"An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.","releases":{"buster":{"fixed_version":"4:5.12.0-2","repositories":{"buster":"4:5.14.5.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue, too intrusive to backport","repositories":{"stretch-security":"4:5.8.6-2.1+deb9u1","stretch":"4:5.8.6-2.1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"4:5.12.0-2","repositories":{"sid":"4:5.14.5.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-2598":{"debianbug":904112,"scope":"remote","description":"Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","releases":{"stretch":{"nodsa":"Exact details undisclosed, but marginal CVSS score","repositories":{"stretch":"6.3.8+dfsg-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Exact details undisclosed, but marginal CVSS score","repositories":{"jessie":"6.2.3+dfsg-7"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"sid":{"repositories":{"sid":"6.3.10+dfsg-3"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-3469":{"debianbug":861487,"scope":"remote","description":"Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","releases":{"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.3.8+dfsg-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"6.2.3+dfsg-7"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"6.3.10+dfsg-1","repositories":{"sid":"6.3.10+dfsg-3"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0784712-056A32":{"debianbug":784712,"releases":{"buster":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"buster":"1.14.7~0.20120428-24"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"stretch":"1.14.7~0.20120428-21"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.14.7~0.20120428-14+deb8u1","repositories":{"jessie":"1.14.7~0.20120428-14+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"sid":"1.14.7~0.20120428-24"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0784712-E83200":{"debianbug":784712,"releases":{"buster":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"buster":"1.14.7~0.20120428-24"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"stretch":"1.14.7~0.20120428-21"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.14.7~0.20120428-14+deb8u1","repositories":{"jessie":"1.14.7~0.20120428-14+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.14.7~0.20120428-17","repositories":{"sid":"1.14.7~0.20120428-24"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2003-0440":{"debianbug":223456,"scope":"local","description":"The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.","releases":{"buster":{"fixed_version":"1.14.5+20030609-1","repositories":{"buster":"1.14.7~0.20120428-24"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.14.5+20030609-1","repositories":{"stretch":"1.14.7~0.20120428-21"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.14.5+20030609-1","repositories":{"jessie":"1.14.7~0.20120428-14+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.14.5+20030609-1","repositories":{"sid":"1.14.7~0.20120428-24"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2053":{"scope":"local","description":"emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.","releases":{"jessie":{"fixed_version":"1.6.2-1","repositories":{"jessie":"2.12.5+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-1062":{"scope":"remote","description":"Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.","releases":{"buster":{"fixed_version":"2.1-1","repositories":{"buster":"2.3-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1-1","repositories":{"stretch":"2.3-6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1-1","repositories":{"jessie":"2.3-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1-1","repositories":{"sid":"2.3-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1064":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.","releases":{"buster":{"fixed_version":"2.1-1","repositories":{"buster":"2.3-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.1-1","repositories":{"stretch":"2.3-6"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.1-1","repositories":{"jessie":"2.3-5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.1-1","repositories":{"sid":"2.3-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2006-1063":{"scope":"remote","description":"Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named \"mbox\".","releases":{"buster":{"fixed_version":"2.1-1","repositories":{"buster":"2.3-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1-1","repositories":{"stretch":"2.3-6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1-1","repositories":{"jessie":"2.3-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1-1","repositories":{"sid":"2.3-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1940":{"debianbug":478133,"scope":"local","description":"The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.","releases":{"jessie":{"fixed_version":"2.1.11+2.6.24.5+200804211829-1","repositories":{"jessie":"3.0+3.14.22-201410250026-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18586":{"debianbug":911639,"scope":"remote","description":"** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.","releases":{"buster":{"fixed_version":"0.8-1","repositories":{"buster":"0.8-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.8-1","repositories":{"sid":"0.10.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18585":{"debianbug":911637,"scope":"remote","description":"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name).","releases":{"buster":{"fixed_version":"0.8-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u3","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u3","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4467":{"debianbug":774725,"scope":"remote","description":"The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.","releases":{"buster":{"fixed_version":"0.4-3","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4-3","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4-3","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4-3","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-970209":{"releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-14681":{"debianbug":904799,"scope":"remote","description":"An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.","releases":{"buster":{"fixed_version":"0.7-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u2","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u2","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4468":{"debianbug":774726,"scope":"remote","description":"Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.","releases":{"buster":{"fixed_version":"0.4-3","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4-3","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4-3","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4-3","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18584":{"debianbug":911640,"scope":"remote","description":"In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.","releases":{"buster":{"fixed_version":"0.8-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u3","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u3","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14680":{"debianbug":904801,"scope":"remote","description":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.","releases":{"buster":{"fixed_version":"0.7-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u2","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u2","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4469":{"debianbug":774726,"scope":"remote","description":"The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.","releases":{"buster":{"fixed_version":"0.4-3","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4-3","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4-3","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4-3","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6419":{"debianbug":871263,"scope":"remote","description":"mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.","releases":{"buster":{"fixed_version":"0.6-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-11423":{"debianbug":868956,"scope":"remote","description":"The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.","releases":{"buster":{"fixed_version":"0.6-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9556":{"debianbug":772891,"scope":"remote","description":"Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"0.4-2","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.4-2","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.4-2","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.4-2","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9732":{"debianbug":774665,"scope":"remote","description":"The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.","releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-A4F3DE":{"releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-14679":{"debianbug":904802,"scope":"remote","description":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).","releases":{"buster":{"fixed_version":"0.7-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u2","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u2","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4470":{"debianbug":775498,"scope":"remote","description":"Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.","releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4471":{"debianbug":775499,"scope":"remote","description":"Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.","releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-4472":{"debianbug":775687,"scope":"remote","description":"Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.","releases":{"buster":{"fixed_version":"0.5-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.5-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14682":{"debianbug":904800,"scope":"remote","description":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.","releases":{"buster":{"fixed_version":"0.7-1","repositories":{"buster":"0.8-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.5-1+deb9u2","repositories":{"stretch-security":"0.5-1+deb9u2","stretch":"0.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.5-1+deb8u2","repositories":{"jessie":"0.5-1+deb8u1","jessie-security":"0.5-1+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7-1","repositories":{"sid":"0.10.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16248":{"debianbug":880458,"scope":"remote","description":"The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.","releases":{"buster":{"fixed_version":"0.34-1","repositories":{"buster":"0.36-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.33-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.32-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.34-1","repositories":{"sid":"0.36-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0433":{"debianbug":614668,"scope":"remote","description":"Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.","releases":{"jessie":{"fixed_version":"2.0alpha-4.1","repositories":{"jessie":"2.0alpha-4.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1141":{"scope":"remote","description":"Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.39-5","repositories":{"buster":"0.52-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.39-5","repositories":{"stretch":"0.49-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.39-5","repositories":{"jessie":"0.49-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.39-5","repositories":{"sid":"0.52-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1142":{"scope":"remote","description":"Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.","releases":{"buster":{"fixed_version":"0.39-5","repositories":{"buster":"0.52-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.39-5","repositories":{"stretch":"0.49-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.39-5","repositories":{"jessie":"0.49-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.39-5","repositories":{"sid":"0.52-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-7143":{"debianbug":761983,"releases":{"buster":{"fixed_version":"14.0.2-1","repositories":{"buster":"18.9.0-3"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"14.0.2-1","repositories":{"stretch":"16.6.0-2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"14.0.2-1","repositories":{"jessie":"14.0.2-3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"14.0.2-1","repositories":{"sid":"18.9.0-3"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-1000111":{"releases":{"buster":{"repositories":{"buster":"18.9.0-3"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"16.6.0-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"14.0.2-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"18.9.0-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-17519":{"scope":"remote","description":"batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"2.6.0-1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.4-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.2-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.6.0-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2002-1948":{"scope":"local","description":"Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.2.10-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.2.10-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.2.10-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.2.10-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-3604":{"debianbug":759526,"scope":"remote","description":"Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"stretch":{"fixed_version":"0.3.15-1","repositories":{"stretch":"0.3.15-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.3.15-1","repositories":{"jessie":"0.3.15-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9432":{"debianbug":864207,"scope":"remote","description":"Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.","releases":{"buster":{"fixed_version":"0.0.3-3","repositories":{"buster":"0.0.6-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.0.3-3","repositories":{"sid":"0.0.6-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-5837":{"debianbug":448721,"scope":"remote","description":"GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.","releases":{"stretch":{"fixed_version":"0.2.2-3","repositories":{"stretch":"0.2.2-9"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.2.2-3","repositories":{"jessie":"0.2.2-9"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1272":{"scope":"remote","description":"Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.","releases":{"buster":{"fixed_version":"2.4.2-1.1","repositories":{"buster":"2.6.3+ds1-3"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.4.2-1.1","repositories":{"stretch":"2.6.3+ds1-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.4.2-1.1","repositories":{"jessie":"2.6.3-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.4.2-1.1","repositories":{"sid":"2.6.3+ds1-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6232":{"debianbug":832620,"scope":"remote","description":"Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.","releases":{"buster":{"fixed_version":"5.24.0-1","repositories":{"buster":"5.54.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"5.24.0-1","repositories":{"stretch":"5.28.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"5.24.0-1","repositories":{"sid":"5.54.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0115":{"debianbug":522813,"scope":"local","description":"The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.","releases":{"buster":{"fixed_version":"0.4.8-15","repositories":{"buster":"0.7.9-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.4.8-15","repositories":{"stretch":"0.6.4-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.4.8-15","repositories":{"jessie":"0.5.0-6+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.4.8-15","repositories":{"sid":"0.7.9-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2001-1467":{"scope":"remote","description":"mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.45.4-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.45-7+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.45-6"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.45.4-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-2253":{"scope":"remote","description":"Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.2.6-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.2.6-1.3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.6-1.2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.2.6-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-0638":{"debianbug":298926,"scope":"remote","description":"xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.","releases":{"buster":{"fixed_version":"4.1-14.1","repositories":{"buster":"4.1-25"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1-14.1","repositories":{"stretch":"4.1-24"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1-14.1","repositories":{"jessie":"4.1-23"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1-14.1","repositories":{"sid":"4.1-25"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0639":{"scope":"remote","description":"Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via \"buffer management errors\" from certain image properties, some of which may be related to integer overflows in PPM files.","releases":{"buster":{"fixed_version":"4.1-14.2","repositories":{"buster":"4.1-25"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.1-14.2","repositories":{"stretch":"4.1-24"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.1-14.2","repositories":{"jessie":"4.1-23"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.1-14.2","repositories":{"sid":"4.1-25"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4484":{"debianbug":384838,"scope":"remote","description":"Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.","releases":{"buster":{"repositories":{"buster":"4.1-25"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"4.1-24"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4.1-23"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"4.1-25"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-3178":{"debianbug":332524,"scope":"remote","description":"Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.","releases":{"buster":{"fixed_version":"4.1-15","repositories":{"buster":"4.1-25"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"4.1-15","repositories":{"stretch":"4.1-24"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"4.1-15","repositories":{"jessie":"4.1-23"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"4.1-15","repositories":{"sid":"4.1-25"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2015-1554":{"debianbug":776424,"scope":"remote","description":"kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).","releases":{"buster":{"repositories":{"buster":"1.54-1"},"urgency":"low","status":"undetermined"},"stretch":{"repositories":{"stretch":"1.34-2"},"urgency":"low","status":"undetermined"},"jessie":{"repositories":{"jessie":"1.33-2"},"urgency":"low","status":"undetermined"},"sid":{"repositories":{"sid":"1.54-1"},"urgency":"low","status":"undetermined"}}}}
{"CVE-2018-14041":{"scope":"remote","description":"In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-8331":{"scope":"remote","description":"In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.","releases":{"buster":{"fixed_version":"3.4.1+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u2","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.1+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14040":{"debianbug":907414,"scope":"remote","description":"In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.","releases":{"buster":{"fixed_version":"3.4.0+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u1","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.2.0+dfsg-1+deb7u1","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.0+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20677":{"scope":"remote","description":"In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.","releases":{"buster":{"fixed_version":"3.4.0+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u1","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.0+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-14042":{"debianbug":907414,"scope":"remote","description":"In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.","releases":{"buster":{"fixed_version":"3.4.0+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u1","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.4.0+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-20676":{"scope":"remote","description":"In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.","releases":{"buster":{"fixed_version":"3.4.0+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u1","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.0+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10735":{"scope":"remote","description":"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.","releases":{"buster":{"fixed_version":"3.4.0+dfsg-1","repositories":{"buster":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.3.7+dfsg-2+deb9u1","repositories":{"stretch":"3.3.7+dfsg-2+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.2.0+dfsg-1","jessie-security":"3.2.0+dfsg-1+deb7u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"3.4.0+dfsg-1","repositories":{"sid":"3.4.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4790":{"scope":"local","description":"Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.  NOTE: in August 2007, the tomboy vector was reported for other distributions.","releases":{"stretch":{"fixed_version":"0.8.1-2","repositories":{"stretch":"1.14.1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.8.1-2","repositories":{"jessie":"1.14.1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4005":{"debianbug":605096,"scope":"local","description":"The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.  NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2.","releases":{"stretch":{"fixed_version":"1.2.2-2","repositories":{"stretch":"1.14.1-4"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.2.2-2","repositories":{"jessie":"1.14.1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2009-3736":{"debianbug":559797,"scope":"local","description":"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.31-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.31-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.31-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.31-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-1217":{"debianbug":408530,"scope":"local","description":"Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.","releases":{"buster":{"fixed_version":"1:3.9.20060704-3","repositories":{"buster":"1:3.25+dfsg1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.9.20060704-3","repositories":{"stretch":"1:3.25+dfsg1-8"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.9.20060704-3","repositories":{"jessie":"1:3.25+dfsg1-3.5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.9.20060704-3","repositories":{"sid":"1:3.25+dfsg1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0851":{"scope":"local","description":"Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.","releases":{"buster":{"fixed_version":"1:3.2","repositories":{"buster":"1:3.25+dfsg1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.2","repositories":{"stretch":"1:3.25+dfsg1-8"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.2","repositories":{"jessie":"1:3.25+dfsg1-3.5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.2","repositories":{"sid":"1:3.25+dfsg1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-4607":{"debianbug":752861,"releases":{"buster":{"fixed_version":"2.08-1","repositories":{"buster":"2.10-0.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"2.08-1","repositories":{"stretch":"2.08-1.2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"2.08-1","repositories":{"jessie":"2.08-1.2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"2.08-1","repositories":{"sid":"2.10-0.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-9910":{"scope":"remote","description":"The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.","releases":{"buster":{"fixed_version":"0.999999999-1","repositories":{"buster":"1.0.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.999999999-1","repositories":{"stretch":"0.999999999-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.999-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.999999999-1","repositories":{"sid":"1.0.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9909":{"scope":"remote","description":"The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.","releases":{"buster":{"fixed_version":"0.999999999-1","repositories":{"buster":"1.0.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.999999999-1","repositories":{"stretch":"0.999999999-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.999-3"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.999999999-1","repositories":{"sid":"1.0.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-6409":{"debianbug":730691,"scope":"local","description":"Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.","releases":{"buster":{"fixed_version":"0.8.1","repositories":{"buster":"0.15.2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.8.1","repositories":{"stretch":"0.15.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.8.1","repositories":{"jessie":"0.12.1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.8.1","repositories":{"sid":"0.15.2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16789":{"scope":"remote","description":"libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.","releases":{"buster":{"fixed_version":"2.21","repositories":{"buster":"2.21"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.20"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.14-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.21","repositories":{"sid":"2.21"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-8400":{"scope":"remote","description":"The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the \"/plain\" URL.","releases":{"buster":{"fixed_version":"2.19","repositories":{"buster":"2.21"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.19","repositories":{"stretch":"2.20"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.14-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.19","repositories":{"sid":"2.21"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0363":{"debianbug":515118,"scope":"remote","description":"Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.","releases":{"stretch":{"fixed_version":"2.2.2-1","repositories":{"stretch":"2.2.2-4.1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.2-1","repositories":{"jessie":"2.2.2-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-6687":{"debianbug":681591,"scope":"remote","description":"FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.","releases":{"buster":{"fixed_version":"2.4.0-8.3","repositories":{"buster":"2.4.0-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.4.0-8.3","repositories":{"stretch":"2.4.0-8.4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.4.0-8.3","repositories":{"jessie":"2.4.0-8.3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.4.0-8.3","repositories":{"sid":"2.4.0-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5261":{"scope":"remote","description":"Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5260":{"scope":"remote","description":"Mozilla Firefox before 48.0 mishandles changes from 'INPUT type=\"password\"' to 'INPUT type=\"text\"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5267":{"scope":"remote","description":"Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9802":{"scope":"remote","description":"If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5266":{"scope":"remote","description":"Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9801":{"scope":"remote","description":"Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a \"URL Handler\" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9804":{"scope":"remote","description":"In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5268":{"scope":"remote","description":"Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9803":{"scope":"remote","description":"The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5263":{"scope":"remote","description":"The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages \"type confusion.\"","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5262":{"scope":"remote","description":"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox=\"allow-scripts\" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5265":{"scope":"remote","description":"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5264":{"scope":"remote","description":"Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9809":{"scope":"remote","description":"If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2332":{"scope":"remote","description":"Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI.  NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.3-2","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2019-9806":{"scope":"remote","description":"A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9805":{"scope":"remote","description":"A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9808":{"scope":"remote","description":"If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown origin\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9807":{"scope":"remote","description":"When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5250":{"scope":"remote","description":"Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5256":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9813":{"scope":"remote","description":"Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.","releases":{"sid":{"fixed_version":"66.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5255":{"scope":"remote","description":"Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5258":{"scope":"remote","description":"Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5257":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5252":{"scope":"remote","description":"Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5251":{"scope":"remote","description":"Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5254":{"scope":"remote","description":"Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5253":{"scope":"local","description":"The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9810":{"scope":"remote","description":"Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.","releases":{"sid":{"fixed_version":"66.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5259":{"scope":"remote","description":"Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-4809":{"scope":"remote","description":"Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12406":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12407":{"scope":"remote","description":"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12402":{"scope":"remote","description":"The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of \"Save Page As...\" functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the \"Save Page As...\" menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12403":{"scope":"remote","description":"If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12405":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12400":{"scope":"remote","description":"In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12401":{"scope":"remote","description":"Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-2786":{"scope":"remote","description":"HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2785":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a \"View Image\" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting \"Show only this frame\" on a frame whose SRC attribute contains a Javascript URL.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2788":{"scope":"remote","description":"Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2787":{"scope":"remote","description":"EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2782":{"scope":"remote","description":"Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2784":{"scope":"remote","description":"The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the \"Manual Install\" button, then using nested javascript: URLs.  NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2783":{"debianbug":535793,"scope":"remote","description":"Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-2780":{"scope":"remote","description":"Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via \"jsstr tagify,\" which leads to memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2779":{"scope":"remote","description":"Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) \"Content-implemented tree views,\" (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2778":{"scope":"remote","description":"The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2775":{"scope":"remote","description":"Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2777":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-2776":{"scope":"remote","description":"Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2005-2414":{"debianbug":327549,"scope":"remote","description":"Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.","releases":{"sid":{"fixed_version":"1.5.dfsg-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12360":{"scope":"remote","description":"A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3731":{"debianbug":379050,"scope":"remote","description":"Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file.  NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.6-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12358":{"scope":"remote","description":"Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12359":{"scope":"remote","description":"A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1790":{"scope":"remote","description":"A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.","releases":{"sid":{"fixed_version":"1.5","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4720":{"scope":"remote","description":"Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.","releases":{"sid":{"fixed_version":"1.5.dfsg-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1531":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML.  NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.","releases":{"sid":{"fixed_version":"1.5.0.2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1530":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML.  NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.","releases":{"sid":{"fixed_version":"1.5.0.2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-18498":{"scope":"remote","description":"A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18497":{"scope":"remote","description":"Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18496":{"scope":"remote","description":"When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18495":{"scope":"remote","description":"WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1529":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML.  NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.","releases":{"sid":{"fixed_version":"1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-18494":{"scope":"remote","description":"A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18493":{"scope":"remote","description":"A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18492":{"scope":"remote","description":"A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1639":{"scope":"remote","description":"Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.","releases":{"sid":{"repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2832":{"scope":"remote","description":"Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2833":{"scope":"remote","description":"Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2834":{"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2835":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2830":{"scope":"remote","description":"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2831":{"scope":"remote","description":"Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2836":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2837":{"scope":"remote","description":"Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2838":{"scope":"remote","description":"Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2839":{"scope":"remote","description":"Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-2723":{"scope":"remote","description":"Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags.  NOTE: a followup post indicated that the initial report could not be verified.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-3812":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3810":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3811":{"scope":"remote","description":"Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) \"anonymous box selectors outside of UA stylesheets,\" (5) stale references to \"removed nodes,\" and (6) running the crypto.generateCRMFRequest callback on deleted context.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-1993":{"debianbug":364810,"scope":"remote","description":"Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object.  NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.3-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-1973":{"scope":"remote","description":"Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2821":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2822":{"scope":"remote","description":"Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2824":{"scope":"remote","description":"The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1977":{"scope":"remote","description":"The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1974":{"scope":"remote","description":"The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2820":{"scope":"remote","description":"The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2829":{"scope":"remote","description":"Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1979":{"scope":"remote","description":"Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2825":{"scope":"remote","description":"Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2826":{"scope":"local","description":"The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2827":{"scope":"remote","description":"The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18499":{"scope":"remote","description":"A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv=\"refresh\" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2828":{"scope":"remote","description":"Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3809":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3807":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling \"named JavaScript functions\" that use the constructor.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3808":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-3805":{"scope":"remote","description":"The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3806":{"scope":"remote","description":"Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified \"string function arguments.\"","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3803":{"scope":"remote","description":"Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3801":{"scope":"remote","description":"Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3802":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1741":{"scope":"remote","description":"Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) \"using a modal alert to suspend an event handler while a new page is being loaded\", (2) using eval(), and using certain variants involving (3) \"new Script;\" and (4) using window.__proto__ to extend eval, aka \"cross-site JavaScript injection\".","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1740":{"scope":"remote","description":"Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9789":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9788":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1742":{"scope":"remote","description":"The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-1962":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2810":{"scope":"remote","description":"Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1961":{"scope":"remote","description":"Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2811":{"scope":"remote","description":"Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1960":{"scope":"remote","description":"Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2812":{"scope":"remote","description":"Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2813":{"scope":"remote","description":"Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1966":{"scope":"remote","description":"The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1965":{"scope":"remote","description":"Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1964":{"scope":"remote","description":"Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1963":{"scope":"local","description":"The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2818":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2819":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1969":{"scope":"remote","description":"The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1968":{"debianbug":817233,"scope":"remote","description":"Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1967":{"scope":"remote","description":"Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2814":{"scope":"remote","description":"Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2815":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"47.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2816":{"scope":"remote","description":"Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2817":{"scope":"remote","description":"The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9794":{"scope":"remote","description":"A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9793":{"scope":"remote","description":"A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9796":{"scope":"remote","description":"A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9795":{"scope":"remote","description":"A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9790":{"scope":"remote","description":"A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1738":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1737":{"scope":"remote","description":"Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-9792":{"scope":"remote","description":"The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9791":{"scope":"remote","description":"The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1739":{"scope":"remote","description":"The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1734":{"scope":"remote","description":"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the \"clone parent\" internal function.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-1733":{"scope":"remote","description":"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) \"by inserting an XBL method into the DOM's document.body prototype chain.\"","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-1736":{"scope":"remote","description":"Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the \"Save image as...\" option.  NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-1735":{"scope":"remote","description":"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2019-9798":{"scope":"remote","description":"On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1730":{"scope":"remote","description":"Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2019-9797":{"scope":"remote","description":"Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1732":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-0884":{"scope":"remote","description":"The WYSIWYG rendering engine (\"rich mail\" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9799":{"scope":"remote","description":"Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66.","releases":{"sid":{"fixed_version":"66.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1731":{"scope":"remote","description":"Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-1951":{"scope":"remote","description":"Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2800":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1950":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2801":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2802":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1955":{"scope":"remote","description":"Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1954":{"scope":"remote","description":"The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1953":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1952":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2807":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3896":{"debianbug":340282,"scope":"remote","description":"Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.","releases":{"sid":{"fixed_version":"1.5.dfsg-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1959":{"scope":"remote","description":"The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2808":{"scope":"remote","description":"The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1958":{"scope":"remote","description":"browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2809":{"scope":"remote","description":"The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1957":{"scope":"remote","description":"Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1956":{"scope":"remote","description":"Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2804":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2805":{"scope":"remote","description":"Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-18356":{"debianbug":818180,"scope":"remote","description":"An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","releases":{"sid":{"fixed_version":"65.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2806":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","releases":{"sid":{"fixed_version":"46.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5117":{"scope":"remote","description":"If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5116":{"scope":"remote","description":"WebExtensions with the \"ActiveTab\" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5115":{"scope":"remote","description":"If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5114":{"scope":"remote","description":"If an existing cookie is changed to be \"HttpOnly\" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1727":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with \"Print Preview\".","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-5113":{"scope":"remote","description":"The \"browser.identity.launchWebAuthFlow\" function of WebExtensions is only allowed to load content over \"https:\" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5112":{"scope":"remote","description":"Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1726":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-1729":{"scope":"remote","description":"Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-5111":{"scope":"remote","description":"When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1728":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-5110":{"scope":"remote","description":"If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1723":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML.  NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2006-1725":{"scope":"remote","description":"Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-1724":{"scope":"remote","description":"Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-5119":{"scope":"remote","description":"The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-1949":{"scope":"remote","description":"Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5118":{"scope":"remote","description":"The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through \"file:\" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5292":{"scope":"remote","description":"During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5128":{"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5291":{"scope":"local","description":"A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5127":{"scope":"remote","description":"A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5294":{"scope":"local","description":"The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5126":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5293":{"scope":"local","description":"When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5125":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5124":{"scope":"remote","description":"Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.","releases":{"sid":{"fixed_version":"58.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0748":{"scope":"remote","description":"Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via \"an invalid and non-sensical ordering of table-related tags\" that results in a negative array index.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-5290":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5122":{"scope":"remote","description":"A potential integer overflow in the \"DoCrypt\" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4685":{"scope":"remote","description":"Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.","releases":{"sid":{"repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-5121":{"scope":"remote","description":"Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-0749":{"scope":"remote","description":"nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a \"particular sequence of HTML tags\" that leads to memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-5299":{"scope":"remote","description":"A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9899":{"scope":"remote","description":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9898":{"scope":"remote","description":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9897":{"scope":"remote","description":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5296":{"scope":"remote","description":"A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9896":{"scope":"remote","description":"Use-after-free while manipulating the \"navigator\" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5295":{"scope":"local","description":"This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9895":{"scope":"remote","description":"Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5298":{"scope":"remote","description":"A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9894":{"scope":"remote","description":"A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5297":{"scope":"remote","description":"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9893":{"scope":"remote","description":"Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5129":{"scope":"remote","description":"A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5281":{"scope":"remote","description":"Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5280":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5283":{"scope":"remote","description":"Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5282":{"scope":"remote","description":"Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2353":{"debianbug":306893,"scope":"local","description":"run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-5289":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-1942":{"scope":"remote","description":"Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\"","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.4-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-5288":{"scope":"remote","description":"Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5284":{"scope":"remote","description":"Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5287":{"scope":"remote","description":"A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0718":{"scope":"remote","description":"Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.","releases":{"sid":{"fixed_version":"48.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-5270":{"scope":"remote","description":"Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5106":{"scope":"remote","description":"Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5105":{"scope":"local","description":"WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5272":{"scope":"remote","description":"The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5104":{"scope":"remote","description":"A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5271":{"scope":"remote","description":"The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5103":{"scope":"remote","description":"A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5102":{"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5101":{"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating floating \"first-letter\" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5100":{"scope":"remote","description":"A use-after-free vulnerability can occur when arguments passed to the \"IsPotentiallyScrollable\" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5278":{"scope":"remote","description":"Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5277":{"scope":"remote","description":"Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5279":{"scope":"remote","description":"Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5274":{"scope":"remote","description":"Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5273":{"scope":"remote","description":"The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-5276":{"scope":"remote","description":"Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-5275":{"scope":"remote","description":"Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.","releases":{"sid":{"fixed_version":"49.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5109":{"scope":"remote","description":"An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5108":{"scope":"remote","description":"A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5107":{"scope":"remote","description":"The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9067":{"scope":"remote","description":"Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9066":{"scope":"remote","description":"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5159":{"scope":"remote","description":"An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9065":{"scope":"remote","description":"The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-6126":{"debianbug":818180,"scope":"remote","description":"A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.","releases":{"sid":{"fixed_version":"60.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5158":{"debianbug":926482,"scope":"remote","description":"The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9064":{"scope":"remote","description":"Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5157":{"scope":"remote","description":"Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9063":{"scope":"remote","description":"An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5156":{"scope":"remote","description":"A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9062":{"scope":"local","description":"Private browsing mode leaves metadata information, such as URLs, for sites visited in \"browser.db\" and \"browser.db-wal\" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5155":{"scope":"remote","description":"A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9061":{"scope":"remote","description":"A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5154":{"scope":"remote","description":"A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2791":{"scope":"remote","description":"The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5153":{"scope":"remote","description":"If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5427":{"scope":"local","description":"A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2016-2792":{"scope":"remote","description":"The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5152":{"scope":"remote","description":"WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the \"webRequest\" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5428":{"scope":"remote","description":"An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2793":{"scope":"remote","description":"CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5425":{"scope":"remote","description":"The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of \"/private/var\" that could expose personal or temporary data. This has been updated to not allow access to \"/private/var\" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5151":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7845":{"scope":"remote","description":"A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2794":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5426":{"scope":"remote","description":"On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5150":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5429":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9069":{"scope":"remote","description":"A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2790":{"scope":"remote","description":"The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9068":{"scope":"remote","description":"A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7840":{"scope":"remote","description":"JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2799":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5420":{"scope":"remote","description":"A \"javascript:\" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6499":{"scope":"remote","description":"The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-7844":{"scope":"remote","description":"A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.","releases":{"sid":{"fixed_version":"57.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6498":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-2795":{"scope":"remote","description":"The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7843":{"scope":"remote","description":"When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.","releases":{"sid":{"fixed_version":"57.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-6497":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-2796":{"scope":"remote","description":"Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7842":{"scope":"remote","description":"If a document's Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for \"<link>\" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2797":{"scope":"remote","description":"The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5421":{"scope":"remote","description":"A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2798":{"scope":"remote","description":"The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5422":{"scope":"remote","description":"If a malicious site uses the \"view-source:\" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making \"view-source:\" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9070":{"scope":"remote","description":"A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5160":{"scope":"remote","description":"** DISPUTED **  Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006.  NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that \"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.\"","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5169":{"scope":"remote","description":"If manipulated hyperlinked text with \"chrome:\" URL contained in it is dragged and dropped on the \"home\" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5168":{"scope":"remote","description":"Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5167":{"scope":"remote","description":"The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display \"chrome:\" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display \"javascript:\" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5166":{"scope":"remote","description":"WebExtensions can use request redirection and a \"filterReponseData\" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5165":{"scope":"remote","description":"In 32-bit versions of Firefox, the Adobe Flash plugin setting for \"Enable Adobe Flash protected mode\" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5438":{"scope":"remote","description":"A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5164":{"scope":"remote","description":"Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the \"multipart/x-mixed-replace\" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5439":{"scope":"remote","description":"A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5163":{"scope":"remote","description":"If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5436":{"scope":"remote","description":"An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5160":{"scope":"remote","description":"WebRTC can use a \"WrappedI420Buffer\" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5430":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5434":{"scope":"remote","description":"A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5435":{"scope":"remote","description":"A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5432":{"scope":"remote","description":"A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5433":{"scope":"remote","description":"A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5138":{"scope":"remote","description":"A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5137":{"scope":"remote","description":"A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5136":{"scope":"remote","description":"A shared worker created from a \"data:\" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5135":{"scope":"remote","description":"WebExtensions can bypass normal restrictions in some circumstances and use \"browser.tabs.executeScript\" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged \"about:\" pages. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5134":{"scope":"remote","description":"WebExtensions may use \"view-source:\" URLs to view local \"file:\" URL content, as well as content stored in \"about:cache\", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2395":{"debianbug":320538,"scope":"remote","description":"Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.","releases":{"sid":{"repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-5133":{"scope":"remote","description":"If the \"app.support.baseURL\" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads \"chrome://browser/content/preferences/in-content/preferences.xul\" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5132":{"scope":"remote","description":"The Find API for WebExtensions can search some privileged pages, such as \"about:debugging\", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5449":{"scope":"remote","description":"A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5131":{"scope":"remote","description":"Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7749":{"scope":"remote","description":"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5130":{"scope":"remote","description":"When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5447":{"scope":"remote","description":"An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5448":{"scope":"remote","description":"An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5441":{"scope":"remote","description":"A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5442":{"scope":"remote","description":"A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5440":{"scope":"remote","description":"A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5445":{"scope":"remote","description":"A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5446":{"scope":"remote","description":"An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5443":{"scope":"remote","description":"An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5444":{"scope":"remote","description":"A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18506":{"scope":"remote","description":"When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18505":{"scope":"remote","description":"An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18504":{"scope":"remote","description":"A crash and out-of-bounds read can occur when the buffer of a texture client is freed while it is still in use during graphic operations. This results is a potentially exploitable crash and the possibility of reading from the memory of the freed buffers. This vulnerability affects Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18503":{"scope":"remote","description":"When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18502":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18501":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-18500":{"scope":"remote","description":"A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","releases":{"sid":{"fixed_version":"65.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5148":{"scope":"remote","description":"A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.","releases":{"sid":{"fixed_version":"59.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5147":{"debianbug":893132,"scope":"remote","description":"The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.","releases":{"sid":{"fixed_version":"59.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5146":{"debianbug":893130,"scope":"remote","description":"An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.","releases":{"sid":{"fixed_version":"59.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5143":{"scope":"remote","description":"URLs using \"javascript:\" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the \"javascript:\" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5142":{"scope":"remote","description":"If Media Capture and Streams API permission is requested from documents with \"data:\" or \"blob:\" URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5141":{"scope":"remote","description":"A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7759":{"scope":"remote","description":"Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local \"file:\" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5140":{"scope":"remote","description":"Image for moz-icons can be accessed through the \"moz-icon:\" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59.","releases":{"sid":{"fixed_version":"59.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7758":{"scope":"remote","description":"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5458":{"scope":"remote","description":"When a \"javascript:\" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7757":{"scope":"remote","description":"A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5459":{"scope":"remote","description":"A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7752":{"scope":"remote","description":"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5452":{"scope":"remote","description":"Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7751":{"scope":"remote","description":"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5453":{"scope":"remote","description":"A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7750":{"scope":"remote","description":"A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5450":{"scope":"remote","description":"A mechanism to spoof the Firefox for Android addressbar using a \"javascript:\" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5451":{"scope":"remote","description":"A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5456":{"scope":"remote","description":"A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7756":{"scope":"remote","description":"A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7755":{"scope":"remote","description":"The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6585":{"scope":"remote","description":"The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension.  NOTE: it was later reported that 3.0 is also affected.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7754":{"scope":"remote","description":"An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5454":{"scope":"remote","description":"A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5455":{"scope":"remote","description":"The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7753":{"debianbug":872834,"scope":"remote","description":"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18511":{"debianbug":818180,"scope":"remote","description":"Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.","releases":{"sid":{"fixed_version":"65.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18510":{"scope":"remote","description":"The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7809":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7804":{"scope":"remote","description":"The destructor function for the \"WindowsDllDetourPatcher\" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7803":{"debianbug":872834,"scope":"remote","description":"When a page's content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7802":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7801":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7808":{"scope":"remote","description":"A content security policy (CSP) \"frame-ancestors\" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7807":{"debianbug":872834,"scope":"remote","description":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7806":{"scope":"remote","description":"A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7805":{"scope":"remote","description":"During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7800":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2657":{"scope":"local","description":"** DISPUTED **  Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites.  NOTE: The vendor has disputed this issue, stating that \"The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.\"","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5089":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7815":{"scope":"remote","description":"On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7814":{"scope":"remote","description":"File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7813":{"scope":"remote","description":"Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7812":{"scope":"remote","description":"If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through \"file:\" URLs. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7819":{"scope":"remote","description":"A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7818":{"scope":"remote","description":"A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7817":{"scope":"remote","description":"A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7816":{"scope":"remote","description":"WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5090":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7811":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7810":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4134":{"scope":"remote","description":"Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.  Also, it has been independently reported that Netscape 8.1 does not have this issue.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-2","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-5177":{"scope":"remote","description":"A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5176":{"scope":"remote","description":"The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including \"javascript:\" links. If a JSON file contains malicious JavaScript script embedded as \"javascript:\" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5405":{"scope":"remote","description":"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5175":{"scope":"remote","description":"A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"'strict-dynamic'\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7826":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5174":{"scope":"remote","description":"In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the \"SEE_MASK_FLAG_NO_UI\" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5406":{"scope":"remote","description":"A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7825":{"scope":"remote","description":"Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5403":{"scope":"remote","description":"When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7824":{"scope":"remote","description":"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5173":{"scope":"remote","description":"The filename appearing in the \"Downloads\" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5404":{"scope":"remote","description":"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5172":{"scope":"remote","description":"The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7823":{"scope":"remote","description":"The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5409":{"scope":"local","description":"The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7828":{"scope":"remote","description":"A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5407":{"scope":"remote","description":"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5408":{"scope":"remote","description":"Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7827":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5401":{"scope":"remote","description":"A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4253":{"scope":"remote","description":"Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.  NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie.  Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability.  NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-7822":{"scope":"remote","description":"The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5464":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5402":{"scope":"remote","description":"A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7821":{"scope":"remote","description":"A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5463":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-7820":{"scope":"remote","description":"The \"instanceof\" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5462":{"scope":"remote","description":"Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-5400":{"scope":"remote","description":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5188":{"scope":"remote","description":"Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5187":{"scope":"remote","description":"Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5416":{"scope":"remote","description":"In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7837":{"scope":"remote","description":"SVG loaded through \"<img>\" tags can use \"<meta>\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5186":{"scope":"remote","description":"Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5417":{"scope":"remote","description":"When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7836":{"scope":"local","description":"The \"pingsender\" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5414":{"scope":"local","description":"The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7835":{"scope":"remote","description":"Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5415":{"scope":"remote","description":"An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by \"blob:\" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7834":{"scope":"remote","description":"A \"data:\" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when \"data:\" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5182":{"scope":"remote","description":"If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent \"file:\" URL. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5181":{"scope":"remote","description":"If a URL using the \"file:\" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the \"noopener\" keyword. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5418":{"scope":"remote","description":"An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7839":{"scope":"remote","description":"Control characters prepended before \"javascript:\" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5180":{"scope":"remote","description":"A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60.","releases":{"sid":{"fixed_version":"60.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5419":{"scope":"remote","description":"If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7838":{"scope":"remote","description":"Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5412":{"scope":"remote","description":"A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7833":{"scope":"remote","description":"Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5413":{"scope":"remote","description":"A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7832":{"scope":"remote","description":"The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5410":{"scope":"remote","description":"Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7831":{"scope":"remote","description":"A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated \"_exposedProps_\" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5411":{"scope":"remote","description":"A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in \"libGLES\", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7830":{"scope":"remote","description":"The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","releases":{"sid":{"fixed_version":"57.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17466":{"scope":"remote","description":"Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","releases":{"sid":{"fixed_version":"64.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12390":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12391":{"scope":"remote","description":"During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12392":{"scope":"remote","description":"When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12393":{"scope":"remote","description":"A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-16541":{"scope":"remote","description":"Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9900":{"scope":"remote","description":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5386":{"scope":"remote","description":"WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5387":{"scope":"local","description":"The existence of a specifically requested local file can be found due to the double firing of the \"onerror\" when the \"source\" attribute on a \"<track>\" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5384":{"scope":"remote","description":"Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9905":{"scope":"remote","description":"A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5385":{"scope":"remote","description":"Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9904":{"scope":"remote","description":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9903":{"scope":"remote","description":"Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9902":{"scope":"remote","description":"The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5388":{"scope":"remote","description":"A STUN server in conjunction with a large number of \"webkitRTCPeerConnection\" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9901":{"scope":"remote","description":"HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5389":{"scope":"remote","description":"WebExtensions could use the \"mozAddonManager\" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12387":{"scope":"remote","description":"A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.","releases":{"sid":{"fixed_version":"62.0.3-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12388":{"scope":"remote","description":"Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5382":{"scope":"remote","description":"Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12383":{"scope":"local","description":"If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5383":{"scope":"remote","description":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5380":{"scope":"remote","description":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12385":{"scope":"local","description":"A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.","releases":{"sid":{"fixed_version":"62.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5381":{"scope":"remote","description":"The \"export\" function in the Certificate Viewer can force local filesystem navigation when the \"common name\" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12386":{"scope":"remote","description":"A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.","releases":{"sid":{"fixed_version":"62.0.3-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5397":{"scope":"remote","description":"The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5398":{"scope":"remote","description":"Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5395":{"scope":"remote","description":"Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5396":{"scope":"remote","description":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5399":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.","releases":{"sid":{"fixed_version":"52.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4340":{"scope":"remote","description":"Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-12398":{"scope":"remote","description":"By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12399":{"scope":"remote","description":"When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5390":{"scope":"remote","description":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5393":{"scope":"remote","description":"The \"mozAddonManager\" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12395":{"scope":"remote","description":"By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5394":{"scope":"remote","description":"A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12396":{"scope":"remote","description":"A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5391":{"scope":"remote","description":"Special \"about:\" pages used by web content, such as RSS feeds, can load privileged \"about:\" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12397":{"scope":"local","description":"A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","releases":{"sid":{"fixed_version":"63.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5392":{"scope":"remote","description":"Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12370":{"scope":"remote","description":"In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12371":{"releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2018-5099":{"scope":"remote","description":"A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5098":{"scope":"remote","description":"A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5097":{"scope":"remote","description":"A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5095":{"debianbug":818180,"scope":"remote","description":"An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5094":{"scope":"remote","description":"A heap buffer overflow vulnerability may occur in WebAssembly when \"shrinkElements\" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5093":{"scope":"remote","description":"A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-5092":{"scope":"remote","description":"A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-5091":{"scope":"remote","description":"A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.","releases":{"sid":{"fixed_version":"58.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12369":{"scope":"remote","description":"WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4571":{"scope":"remote","description":"Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-12365":{"scope":"remote","description":"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12366":{"scope":"remote","description":"An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12367":{"scope":"remote","description":"In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12368":{"scope":"remote","description":"Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the \"Mark of the Web.\" Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12361":{"scope":"remote","description":"An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12362":{"scope":"remote","description":"An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12363":{"scope":"remote","description":"A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12364":{"scope":"remote","description":"NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","releases":{"sid":{"fixed_version":"61.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12381":{"scope":"remote","description":"Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12382":{"scope":"remote","description":"The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android < 62.*","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4569":{"scope":"remote","description":"The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-6504":{"scope":"remote","description":"Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-4567":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-6503":{"scope":"remote","description":"Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-4568":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-6502":{"scope":"remote","description":"Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-4565":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a \"minimal quantifier.\"","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-3113":{"scope":"remote","description":"Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-6501":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-4566":{"scope":"remote","description":"Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (\"[\\\\\"), which leads to a buffer over-read.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-6500":{"scope":"remote","description":"Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4561":{"scope":"remote","description":"Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.7-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12376":{"scope":"remote","description":"Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12377":{"scope":"remote","description":"A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12378":{"scope":"remote","description":"A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-12379":{"scope":"local","description":"When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12375":{"scope":"remote","description":"Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.","releases":{"sid":{"fixed_version":"62.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-0801":{"scope":"remote","description":"The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5469":{"scope":"remote","description":"Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7768":{"scope":"local","description":"The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7763":{"scope":"remote","description":"Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5463":{"scope":"remote","description":"Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7762":{"scope":"remote","description":"When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5464":{"scope":"remote","description":"During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-4310":{"scope":"remote","description":"Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7761":{"scope":"local","description":"The Mozilla Maintenance Service \"helper.exe\" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5461":{"debianbug":862958,"scope":"remote","description":"Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7760":{"scope":"local","description":"The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-1045":{"scope":"remote","description":"The HTML rendering engine in Mozilla Thunderbird 1.5, when \"Block loading of remote images in mail messages\" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2017-5462":{"debianbug":862958,"scope":"remote","description":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5467":{"scope":"remote","description":"A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7767":{"scope":"local","description":"The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5468":{"scope":"remote","description":"An issue with incorrect ownership model of \"privateBrowsing\" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7766":{"scope":"local","description":"An attack using manipulation of \"updater.ini\" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5465":{"scope":"remote","description":"An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7765":{"scope":"remote","description":"The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7764":{"scope":"remote","description":"Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5466":{"scope":"remote","description":"If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5460":{"scope":"remote","description":"A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","releases":{"sid":{"fixed_version":"52.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7779":{"debianbug":872834,"scope":"remote","description":"Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7774":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5633":{"scope":"remote","description":"Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference.  NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7773":{"scope":"remote","description":"Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7772":{"scope":"remote","description":"Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5472":{"scope":"remote","description":"A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7771":{"scope":"remote","description":"Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7778":{"scope":"remote","description":"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7777":{"scope":"remote","description":"Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7776":{"scope":"remote","description":"Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7770":{"scope":"remote","description":"A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5470":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5471":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.","releases":{"sid":{"fixed_version":"54.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5748":{"scope":"remote","description":"Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2006-0299":{"debianbug":351442,"scope":"remote","description":"The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal \"AnyName\" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5747":{"scope":"remote","description":"Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.","releases":{"sid":{"fixed_version":"45.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2019-5785":{"debianbug":818180,"releases":{"sid":{"fixed_version":"65.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2006-0295":{"debianbug":351442,"scope":"remote","description":"Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7785":{"debianbug":872834,"scope":"remote","description":"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7784":{"debianbug":872834,"scope":"remote","description":"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0296":{"debianbug":351442,"scope":"remote","description":"The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7783":{"scope":"remote","description":"If a long user name is used in a username/password combination in a site URL (such as \" http://UserName:Password@example.com\"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0297":{"debianbug":351442,"scope":"remote","description":"Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0298":{"debianbug":351442,"scope":"remote","description":"The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7782":{"scope":"remote","description":"An error in the \"WindowsDllDetourPatcher\" where a RWX (\"Read/Write/Execute\") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7789":{"scope":"remote","description":"If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-0292":{"debianbug":351442,"scope":"remote","description":"The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7788":{"scope":"remote","description":"When an \"iframe\" has a \"sandbox\" attribute and its content is specified using \"srcdoc\", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included \"allow-same-origin\". This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0293":{"debianbug":351442,"scope":"remote","description":"The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7787":{"debianbug":872834,"scope":"remote","description":"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7786":{"debianbug":872834,"scope":"remote","description":"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0294":{"debianbug":351442,"scope":"remote","description":"Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.1-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7781":{"scope":"remote","description":"An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7780":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9078":{"scope":"remote","description":"Redirection from an HTTP connection to a \"data:\" URL assigns the referring site's origin to the \"data:\" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.","releases":{"sid":{"fixed_version":"50.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9077":{"scope":"remote","description":"Canvas allows the use of the \"feDisplacementMap\" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9076":{"scope":"remote","description":"An issue where a \"<select>\" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9075":{"scope":"remote","description":"An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-9073":{"scope":"remote","description":"WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9072":{"scope":"remote","description":"When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-9071":{"scope":"remote","description":"Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.","releases":{"sid":{"fixed_version":"50.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9079":{"scope":"remote","description":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.","releases":{"sid":{"fixed_version":"50.0.2-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-3677":{"scope":"remote","description":"Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.","releases":{"sid":{"fixed_version":"1.5.dfsg+1.5.0.5-1","repositories":{"sid":"66.0.5-1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-7796":{"scope":"local","description":"On Windows systems, the logger run by the Windows updater deletes the file \"update.log\" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named \"update.log\" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-5375":{"scope":"remote","description":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5376":{"scope":"remote","description":"Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7794":{"scope":"local","description":"On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5373":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7793":{"scope":"remote","description":"A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","releases":{"sid":{"fixed_version":"56.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5374":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-5379":{"scope":"remote","description":"Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7799":{"scope":"remote","description":"JavaScript in the \"about:webrtc\" page is not sanitized properly being assigned to \"innerHTML\". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7798":{"scope":"remote","description":"The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5377":{"scope":"remote","description":"A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7797":{"scope":"remote","description":"Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5378":{"scope":"remote","description":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","releases":{"sid":{"fixed_version":"51.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-9080":{"scope":"remote","description":"Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.","releases":{"sid":{"fixed_version":"50.1.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7792":{"debianbug":872834,"scope":"remote","description":"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-7791":{"debianbug":872834,"scope":"remote","description":"On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","releases":{"sid":{"fixed_version":"55.0-1","repositories":{"sid":"66.0.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7790":{"scope":"remote","description":"On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"66.0.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0601325-4C9A5B":{"debianbug":601325,"releases":{"buster":{"fixed_version":"8.0.0-1.3","repositories":{"buster":"9.0.0-9"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.0.0-1.3","repositories":{"stretch":"9.0.0-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"8.0.0-1.2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"8.0.0-1.3","repositories":{"sid":"9.0.0-9"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0960":{"scope":"remote","description":"FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.","releases":{"buster":{"fixed_version":"1.0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4474":{"debianbug":496389,"scope":"local","description":"freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.","releases":{"buster":{"fixed_version":"2.0.4+dfsg-6","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.4+dfsg-6","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.4+dfsg-6","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.4+dfsg-6","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2028":{"scope":"remote","description":"Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.","releases":{"buster":{"fixed_version":"1.1.6-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.1.6-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.1.6-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.1.6-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-11234":{"debianbug":926958,"scope":"remote","description":"FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497.","releases":{"buster":{"fixed_version":"3.0.17+dfsg-1.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue; plugin not enabled by default","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.17+dfsg-1.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0961":{"scope":"remote","description":"Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.","releases":{"buster":{"fixed_version":"1.0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2015":{"debianbug":742820,"scope":"remote","description":"Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.","releases":{"buster":{"fixed_version":"2.2.5+dfsg-0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.2.5+dfsg-0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.2.5+dfsg-0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-11235":{"debianbug":926958,"scope":"remote","description":"FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.","releases":{"buster":{"fixed_version":"3.0.17+dfsg-1.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"nodsa":"Minor issue; plugin not enabled by default","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.17+dfsg-1.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2007-0080":{"scope":"local","description":"** DISPUTED **  Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance.  NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited \"only to local administrators who have write access to the server configuration files.\"  CVE concurs with the dispute.","releases":{"buster":{"repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-9148":{"debianbug":863673,"scope":"remote","description":"The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.","releases":{"buster":{"fixed_version":"3.0.12+dfsg-5","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.12+dfsg-5","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10978":{"debianbug":868765,"scope":"remote","description":"An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8762":{"scope":"remote","description":"The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4680":{"debianbug":789623,"scope":"remote","description":"FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.","releases":{"buster":{"fixed_version":"2.2.8+dfsg-0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.8+dfsg-0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"2.2.8+dfsg-0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10979":{"scope":"remote","description":"An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"3.0.12+dfsg-3","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-3","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"3.0.12+dfsg-3","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-8763":{"scope":"remote","description":"The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0000000-01E656":{"releases":{"buster":{"fixed_version":"1.0.2-4","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.0.2-4","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.0.2-4","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.0.2-4","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2015-8764":{"scope":"remote","description":"Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2701":{"scope":"remote","description":"The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0968":{"scope":"remote","description":"Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.","releases":{"buster":{"fixed_version":"1.0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.0.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4966":{"debianbug":694407,"scope":"remote","description":"modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.","releases":{"buster":{"fixed_version":"2.1.12+dfsg-1.2","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.1.12+dfsg-1.2","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.1.12+dfsg-1.2","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.1.12+dfsg-1.2","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0967":{"scope":"remote","description":"rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.","releases":{"buster":{"fixed_version":"0.9.2-4","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.2-4","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.2-4","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.2-4","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-3547":{"debianbug":687175,"scope":"remote","description":"Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate.","releases":{"buster":{"fixed_version":"2.1.12+dfsg-1.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"2.1.12+dfsg-1.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"2.1.12+dfsg-1.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"2.1.12+dfsg-1.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2004-0938":{"scope":"remote","description":"FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.","releases":{"buster":{"fixed_version":"1.0.1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10981":{"scope":"remote","description":"An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.12+dfsg-3","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-3","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.12+dfsg-3","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10980":{"scope":"remote","description":"An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.12+dfsg-3","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-3","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.12+dfsg-3","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3697":{"debianbug":600176,"scope":"remote","description":"The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.","releases":{"buster":{"fixed_version":"2.1.10+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.1.10+dfsg-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.1.10+dfsg-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.1.10+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-10983":{"debianbug":868765,"scope":"remote","description":"An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3696":{"debianbug":600176,"scope":"remote","description":"The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"2.1.10+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.1.10+dfsg-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.10+dfsg-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.10+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1354":{"debianbug":359042,"scope":"remote","description":"Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via \"Insufficient input validation\" in the EAP-MSCHAPv2 state machine module.","releases":{"buster":{"fixed_version":"1.1.0-1.2","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.1.0-1.2","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.1.0-1.2","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.1.0-1.2","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-10982":{"scope":"remote","description":"An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.12+dfsg-3","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-3","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.5+dfsg-0.2+deb8u1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.12+dfsg-3","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3111":{"scope":"remote","description":"The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11.  NOTE: this is a regression error related to CVE-2003-0967.","releases":{"buster":{"fixed_version":"2.0.0-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.0.0-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.0.0-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.0.0-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-1454":{"scope":"remote","description":"SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.","releases":{"buster":{"fixed_version":"1.0.2-4","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-4","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.2-4","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2-4","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-0524":{"scope":"remote","description":"The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-1455":{"scope":"remote","description":"Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).","releases":{"buster":{"fixed_version":"1.0.2-4","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.2-4","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.2-4","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.2-4","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4745":{"scope":"remote","description":"SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4744":{"scope":"remote","description":"Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail.  NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS.  Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues.  Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10985":{"debianbug":868765,"scope":"remote","description":"An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10984":{"debianbug":868765,"scope":"remote","description":"An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-4746":{"scope":"remote","description":"Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors \"while expanding %t\".","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-1","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-10987":{"debianbug":868765,"scope":"remote","description":"An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-10986":{"debianbug":868765,"scope":"remote","description":"An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.","releases":{"buster":{"fixed_version":"3.0.15+dfsg-1","repositories":{"buster":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.0.12+dfsg-5+deb9u1","repositories":{"stretch-security":"3.0.12+dfsg-5+deb9u1","stretch":"3.0.12+dfsg-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.2.5+dfsg-0.2+deb8u1","jessie-security":"2.2.5+dfsg-0.2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"3.0.15+dfsg-1","repositories":{"sid":"3.0.17+dfsg-1.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2063":{"scope":"remote","description":"Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.","releases":{"buster":{"fixed_version":"2:1.2.1-1+deb7u1","repositories":{"buster":"2:1.2.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2:1.2.1-1+deb7u1","repositories":{"stretch":"2:1.2.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2:1.2.1-1+deb7u1","repositories":{"jessie":"2:1.2.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:1.2.1-1+deb7u1","repositories":{"sid":"2:1.2.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7952":{"debianbug":840444,"scope":"remote","description":"X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.","releases":{"buster":{"fixed_version":"2:1.2.3-1","repositories":{"buster":"2:1.2.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.3-1","repositories":{"stretch":"2:1.2.3-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:1.2.2-1+deb8u1","repositories":{"jessie":"2:1.2.2-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2:1.2.3-1","repositories":{"sid":"2:1.2.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-7951":{"debianbug":840444,"scope":"remote","description":"Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.","releases":{"buster":{"fixed_version":"2:1.2.3-1","repositories":{"buster":"2:1.2.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2:1.2.3-1","repositories":{"stretch":"2:1.2.3-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2:1.2.2-1+deb8u1","repositories":{"jessie":"2:1.2.2-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2:1.2.3-1","repositories":{"sid":"2:1.2.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4085":{"debianbug":496381,"scope":"local","description":"plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.","releases":{"buster":{"fixed_version":"1.5.2-2","repositories":{"buster":"1.6.2-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.5.2-2","repositories":{"stretch":"1.6.2-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.5.2-2","repositories":{"jessie":"1.6.2-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.5.2-2","repositories":{"sid":"1.6.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10091":{"debianbug":849705,"scope":"remote","description":"Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.","releases":{"buster":{"fixed_version":"0.21.9-clean-3","repositories":{"buster":"0.21.10-clean-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.21.9-clean-3","repositories":{"stretch":"0.21.9-clean-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.21.5-3+deb8u1","repositories":{"jessie":"0.21.5-3+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.21.9-clean-3","repositories":{"sid":"0.21.10-clean-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9275":{"debianbug":772811,"scope":"remote","description":"UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.","releases":{"buster":{"fixed_version":"0.21.5-2","repositories":{"buster":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.21.5-2","repositories":{"stretch":"0.21.9-clean-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.21.5-2","repositories":{"jessie":"0.21.5-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.21.5-2","repositories":{"sid":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9274":{"debianbug":772811,"scope":"remote","description":"UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\".","releases":{"buster":{"fixed_version":"0.21.5-2","repositories":{"buster":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.21.5-2","repositories":{"stretch":"0.21.9-clean-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.21.5-2","repositories":{"jessie":"0.21.5-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.21.5-2","repositories":{"sid":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-1297":{"debianbug":287038,"scope":"remote","description":"Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.","releases":{"buster":{"fixed_version":"0.19.3-1.1","repositories":{"buster":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.19.3-1.1","repositories":{"stretch":"0.21.9-clean-3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.19.3-1.1","repositories":{"jessie":"0.21.5-3+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.19.3-1.1","repositories":{"sid":"0.21.10-clean-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-0104":{"debianbug":764801,"releases":{"buster":{"fixed_version":"4.0.17-1","repositories":{"buster":"4.3.3-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.0.17-1","repositories":{"stretch":"4.0.25-1"},"urgency":"low","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.1.5-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"4.0.17-1","repositories":{"sid":"4.3.3-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0382":{"scope":"local","description":"Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.","releases":{"buster":{"fixed_version":"0.9.2-1","repositories":{"buster":"0.9.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.2-1","repositories":{"stretch":"0.9.6-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.2-1","repositories":{"jessie":"0.9.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.2-1","repositories":{"sid":"0.9.6-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-1692":{"debianbug":473127,"scope":"local","description":"Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.","releases":{"buster":{"fixed_version":"0.9.4.0debian1-2.1","repositories":{"buster":"0.9.6-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.9.4.0debian1-2.1","repositories":{"stretch":"0.9.6-5"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.9.4.0debian1-2.1","repositories":{"jessie":"0.9.6-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.9.4.0debian1-2.1","repositories":{"sid":"0.9.6-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0068":{"scope":"remote","description":"The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.","releases":{"buster":{"fixed_version":"0.9.2-6","repositories":{"buster":"0.9.6-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9.2-6","repositories":{"stretch":"0.9.6-5"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9.2-6","repositories":{"jessie":"0.9.6-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9.2-6","repositories":{"sid":"0.9.6-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0021":{"scope":"remote","description":"The \"screen dump\" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.","releases":{"buster":{"fixed_version":"0.9.2-1","repositories":{"buster":"0.9.6-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.2-1","repositories":{"stretch":"0.9.6-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.2-1","repositories":{"jessie":"0.9.6-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.2-1","repositories":{"sid":"0.9.6-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-0077":{"scope":"local","description":"The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.","releases":{"buster":{"fixed_version":"1.46-6","repositories":{"buster":"1.642-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.46-6","repositories":{"stretch":"1.636-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.46-6","repositories":{"jessie":"1.631-3"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.46-6","repositories":{"sid":"1.642-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-1000825":{"debianbug":917023,"scope":"remote","description":"FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.11.6+dfsg2-2"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.11.6+dfsg-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"repositories":{"jessie":"0.10.7+dfsg-3"},"urgency":"end-of-life","status":"open"},"sid":{"repositories":{"sid":"0.11.6+dfsg2-2"},"urgency":"low","status":"open"}}}}
{"CVE-2018-18718":{"debianbug":912290,"scope":"local","description":"An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.","releases":{"buster":{"fixed_version":"3:3.6.2-2","repositories":{"buster":"3:3.6.2-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"3:3.4.4.1-5"},"urgency":"unimportant","status":"open"},"jessie":{"fixed_version":"3:3.3.1-2.1+deb8u1","repositories":{"jessie":"3:3.3.1-2","jessie-security":"3:3.3.1-2.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3:3.6.2-2","repositories":{"sid":"3:3.6.2-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-10077":{"debianbug":913093,"scope":"remote","description":"Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.","releases":{"buster":{"fixed_version":"0.7.0-3","repositories":{"buster":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.0-2+deb9u1","repositories":{"stretch":"0.7.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.9-2+deb8u1","repositories":{"jessie":"0.6.9-2","jessie-security":"0.6.9-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.0-3","repositories":{"sid":"1.5.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4492":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.","releases":{"buster":{"fixed_version":"0.6.9-1","repositories":{"buster":"1.5.3-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.6.9-1","repositories":{"stretch":"0.7.0-2+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.6.9-1","repositories":{"jessie":"0.6.9-2","jessie-security":"0.6.9-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.6.9-1","repositories":{"sid":"1.5.3-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4128":{"debianbug":555195,"scope":"local","description":"GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.","releases":{"buster":{"fixed_version":"1.97+20091115-1","repositories":{"buster":"2.02+dfsg1-18"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.97+20091115-1","repositories":{"stretch":"2.02~beta3-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.97+20091115-1","repositories":{"jessie":"2.02~beta2-22+deb8u1","jessie-security":"2.02~beta2-22+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.97+20091115-1","repositories":{"sid":"2.02+dfsg1-18"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9763":{"debianbug":869423,"scope":"remote","description":"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.","releases":{"buster":{"fixed_version":"2.02~beta2-8","repositories":{"buster":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.02~beta2-8","repositories":{"stretch":"2.02~beta3-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.02~beta2-8","repositories":{"jessie":"2.02~beta2-22+deb8u1","jessie-security":"2.02~beta2-22+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.02~beta2-8","repositories":{"sid":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8370":{"debianbug":807614,"scope":"local","description":"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.","releases":{"buster":{"fixed_version":"2.02~beta2-33","repositories":{"buster":"2.02+dfsg1-18"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.02~beta2-33","repositories":{"stretch":"2.02~beta3-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.02~beta2-22+deb8u1","repositories":{"jessie":"2.02~beta2-22+deb8u1","jessie-security":"2.02~beta2-22+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.02~beta2-33","repositories":{"sid":"2.02+dfsg1-18"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4577":{"debianbug":632598,"scope":"local","description":"A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.","releases":{"buster":{"fixed_version":"2.00-20","repositories":{"buster":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.00-20","repositories":{"stretch":"2.02~beta3-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.00-20","repositories":{"jessie":"2.02~beta2-22+deb8u1","jessie-security":"2.02~beta2-22+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.00-20","repositories":{"sid":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5281":{"scope":"local","description":"The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"2.02~beta3-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.02~beta2-22+deb8u1","jessie-security":"2.02~beta2-22+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.02+dfsg1-18"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9658":{"debianbug":924598,"scope":"remote","description":"Checkstyle before 8.18 loads external DTDs by default.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"8.15-1"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"6.15-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"5.9-1+deb8u1","repositories":{"jessie":"5.9-1","jessie-security":"5.9-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"repositories":{"sid":"8.15-1"},"urgency":"low","status":"open"}}}}
{"CVE-2017-7524":{"debianbug":866257,"scope":"remote","description":"tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.","releases":{"buster":{"fixed_version":"2.1.0-1","repositories":{"buster":"3.1.3-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.1.0-1","repositories":{"sid":"3.1.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4865":{"debianbug":507312,"scope":"local","description":"Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options.  NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.","releases":{"buster":{"fixed_version":"1:3.3.1-3","repositories":{"buster":"1:3.14.0-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:3.3.1-3","repositories":{"stretch":"1:3.12.0~svn20160714-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:3.3.1-3","repositories":{"jessie":"1:3.10.0-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:3.3.1-3","repositories":{"sid":"1:3.14.0-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1437":{"scope":"remote","description":"Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code.","releases":{"stretch":{"fixed_version":"0.9pl28-3.1","repositories":{"stretch":"0.9.35-6.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-0456":{"debianbug":264684,"scope":"remote","description":"Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.","releases":{"stretch":{"fixed_version":"0.9pl28-3","repositories":{"stretch":"0.9.35-6.1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-1035":{"scope":"remote","description":"Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.","releases":{"stretch":{"fixed_version":"0.9.32-1","repositories":{"stretch":"0.9.35-6.1"},"urgency":"high**","status":"resolved"}}}}
{"TEMP-0264684-94ACC3":{"debianbug":264684,"releases":{"stretch":{"fixed_version":"0.9.33-1","repositories":{"stretch":"0.9.35-6.1"},"urgency":"high","status":"resolved"}}}}
{"CVE-2002-1216":{"scope":"remote","description":"GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.","releases":{"buster":{"fixed_version":"1.13.25","repositories":{"buster":"1.30+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.13.25","repositories":{"stretch":"1.29b-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.13.25","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.13.25","repositories":{"sid":"1.30+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-1918":{"scope":"remote","description":"The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an \"incorrect optimization\" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving \"/../\" sequences with a leading \"/\".","releases":{"buster":{"fixed_version":"1.14-2.2","repositories":{"buster":"1.30+dfsg-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.14-2.2","repositories":{"stretch":"1.29b-1.1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.14-2.2","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.14-2.2","repositories":{"sid":"1.30+dfsg-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-2541":{"debianbug":328228,"scope":"remote","description":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.","releases":{"buster":{"repositories":{"buster":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.29b-1.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-9923":{"debianbug":925286,"scope":"remote","description":"pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.","releases":{"buster":{"repositories":{"buster":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.29b-1.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-6097":{"debianbug":399845,"scope":"remote","description":"GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.","releases":{"buster":{"fixed_version":"1.16-2","repositories":{"buster":"1.30+dfsg-6"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.16-2","repositories":{"stretch":"1.29b-1.1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.16-2","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.16-2","repositories":{"sid":"1.30+dfsg-6"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-20482":{"debianbug":917377,"scope":"local","description":"GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).","releases":{"buster":{"fixed_version":"1.30+dfsg-3.1","repositories":{"buster":"1.30+dfsg-6"},"urgency":"low**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.29b-1.1"},"urgency":"low**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.27.1-2+deb8u2","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.30+dfsg-3.1","repositories":{"sid":"1.30+dfsg-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-4131":{"debianbug":439335,"scope":"remote","description":"Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.","releases":{"buster":{"fixed_version":"1.18-2","repositories":{"buster":"1.30+dfsg-6"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.18-2","repositories":{"stretch":"1.29b-1.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.18-2","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.18-2","repositories":{"sid":"1.30+dfsg-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-0624":{"scope":"remote","description":"Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.","releases":{"buster":{"fixed_version":"1.23-1","repositories":{"buster":"1.30+dfsg-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.23-1","repositories":{"stretch":"1.29b-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.23-1","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.23-1","repositories":{"sid":"1.30+dfsg-6"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0290435-0B57B5":{"debianbug":290435,"releases":{"buster":{"repositories":{"buster":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.29b-1.1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1.30+dfsg-6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2006-0300":{"debianbug":354091,"scope":"remote","description":"Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.","releases":{"buster":{"fixed_version":"1.15.1-3","repositories":{"buster":"1.30+dfsg-6"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1.15.1-3","repositories":{"stretch":"1.29b-1.1"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1.15.1-3","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1.15.1-3","repositories":{"sid":"1.30+dfsg-6"},"urgency":"high","status":"resolved"}}}}
{"CVE-2016-6321":{"debianbug":842339,"scope":"remote","description":"Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.","releases":{"buster":{"fixed_version":"1.29b-1.1","repositories":{"buster":"1.30+dfsg-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.29b-1.1","repositories":{"stretch":"1.29b-1.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.27.1-2+deb8u1","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.29b-1.1","repositories":{"sid":"1.30+dfsg-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-4476":{"debianbug":441444,"scope":"remote","description":"Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a \"crashing stack.\"","releases":{"buster":{"fixed_version":"1.18-1","repositories":{"buster":"1.30+dfsg-6"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.18-1","repositories":{"stretch":"1.29b-1.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.18-1","repositories":{"jessie":"1.27.1-2+deb8u1","jessie-security":"1.27.1-2+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.18-1","repositories":{"sid":"1.30+dfsg-6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-0108":{"scope":"remote","description":"Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.","releases":{"buster":{"fixed_version":"1.5.7-6","repositories":{"buster":"1.5.8-1.3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.5.7-6","repositories":{"stretch":"1.5.8-1.3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.5.7-6","repositories":{"sid":"1.5.8-1.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3378":{"debianbug":552743,"scope":"remote","description":"The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.","releases":{"buster":{"fixed_version":"0.2.1~git20091120-1","repositories":{"buster":"0.2.1~git20091227-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"0.2.1~git20091120-1","repositories":{"stretch":"0.2.1~git20091227-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"0.2.1~git20091120-1","repositories":{"sid":"0.2.1~git20091227-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3388":{"debianbug":575743,"scope":"remote","description":"liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to \"memory safety issues.\"","releases":{"buster":{"fixed_version":"0.2.1~git20091227-1.1","repositories":{"buster":"0.2.1~git20091227-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.2.1~git20091227-1.1","repositories":{"stretch":"0.2.1~git20091227-2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.2.1~git20091227-1.1","repositories":{"sid":"0.2.1~git20091227-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5157":{"debianbug":506348,"scope":"local","description":"tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.","releases":{"stretch":{"fixed_version":"2.16.4-1.3","repositories":{"stretch":"2.17.3.1.dfsg-4.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.16.4-1.3","repositories":{"jessie":"2.17.3.1.dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3382":{"debianbug":598303,"scope":"local","description":"tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.","releases":{"stretch":{"fixed_version":"2.16.4-1.4","repositories":{"stretch":"2.17.3.1.dfsg-4.2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.16.4-1.4","repositories":{"jessie":"2.17.3.1.dfsg-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0138":{"debianbug":557754,"scope":"remote","description":"aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).","releases":{"jessie":{"fixed_version":"0.98.9-1","repositories":{"jessie":"0.98.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-2195":{"scope":"remote","description":"aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.98.9-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-0744":{"debianbug":572818,"scope":"remote","description":"aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.","releases":{"jessie":{"fixed_version":"0.98.3-1","repositories":{"jessie":"0.98.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-7255":{"scope":"local","description":"login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.","releases":{"jessie":{"fixed_version":"0.97.1~debian-1","repositories":{"jessie":"0.98.9-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-4411":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.3.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.2.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.0-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.3.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4412":{"scope":"remote","description":"BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.3.0-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"4.2.1-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.10.0-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.3.0-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-4410":{"debianbug":787951,"releases":{"buster":{"fixed_version":"1.10.0-2","repositories":{"buster":"4.3.0-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.10.0-2","repositories":{"stretch":"4.2.1-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.10.0-1+deb8u1","repositories":{"jessie":"1.10.0-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.10.0-2","repositories":{"sid":"4.3.0-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-0372":{"scope":"remote","description":"Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.","releases":{"buster":{"fixed_version":"2.0.18-1","repositories":{"buster":"2.0.19-5"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.0.18-1","repositories":{"stretch":"2.0.19-5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.0.18-1","repositories":{"sid":"2.0.19-5"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7221":{"debianbug":437710,"scope":"remote","description":"Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.","releases":{"buster":{"fixed_version":"2.0.18-17","repositories":{"buster":"2.0.19-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.0.18-17","repositories":{"stretch":"2.0.19-5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.0.18-17","repositories":{"sid":"2.0.19-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2729":{"scope":"remote","description":"native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.","releases":{"buster":{"fixed_version":"1.0.7-1","repositories":{"buster":"1.0.15-8"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.7-1","repositories":{"stretch":"1.0.15-7"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.7-1","repositories":{"jessie":"1.0.15-6+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.7-1","repositories":{"sid":"1.0.15-8"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-2777":{"scope":"local","description":"samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.","releases":{"buster":{"fixed_version":"1:2.0.14-1","repositories":{"buster":"1:2.0.31-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.14-1","repositories":{"stretch":"1:2.0.28-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.0.14-1","repositories":{"jessie":"1:2.0.23-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.0.14-1","repositories":{"sid":"1:2.0.31-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1159":{"scope":"local","description":"acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.","releases":{"buster":{"fixed_version":"1:2.0.9-1","repositories":{"buster":"1:2.0.31-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.9-1","repositories":{"stretch":"1:2.0.28-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:2.0.9-1","repositories":{"jessie":"1:2.0.23-2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:2.0.9-1","repositories":{"sid":"1:2.0.31-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2009-4235":{"debianbug":560771,"scope":"local","description":"acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.","releases":{"buster":{"fixed_version":"1.0.6","repositories":{"buster":"1:2.0.31-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.0.6","repositories":{"stretch":"1:2.0.28-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.0.6","repositories":{"jessie":"1:2.0.23-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.0.6","repositories":{"sid":"1:2.0.31-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-4578":{"scope":"local","description":"event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.","releases":{"buster":{"fixed_version":"1:2.0.11-1","repositories":{"buster":"1:2.0.31-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.11-1","repositories":{"stretch":"1:2.0.28-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.0.11-1","repositories":{"jessie":"1:2.0.23-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.0.11-1","repositories":{"sid":"1:2.0.31-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4033":{"scope":"local","description":"A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.0.31-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1:2.0.28-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.0.23-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.0.31-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0798":{"scope":"remote","description":"ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.","releases":{"buster":{"fixed_version":"1.0.10-1","repositories":{"buster":"1:2.0.31-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.0.10-1","repositories":{"stretch":"1:2.0.28-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.0.10-1","repositories":{"jessie":"1:2.0.23-2"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.0.10-1","repositories":{"sid":"1:2.0.31-1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2012-1177":{"debianbug":664032,"scope":"remote","description":"libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.","releases":{"buster":{"fixed_version":"0.10.2-1","repositories":{"buster":"0.17.9-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.10.2-1","repositories":{"stretch":"0.17.6-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.10.2-1","repositories":{"jessie":"0.16.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.10.2-1","repositories":{"sid":"0.17.9-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9604":{"debianbug":864803,"scope":"remote","description":"KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.","releases":{"stretch":{"fixed_version":"4:16.04.3-4~deb9u1","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4:4.14.1-1+deb8u1","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1393":{"scope":"remote","description":"Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.","releases":{"stretch":{"fixed_version":"4:3.0.5a","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4:3.0.5a","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0988":{"scope":"remote","description":"Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.","releases":{"stretch":{"fixed_version":"4:3.1.5-1","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4:3.1.5-1","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-3413":{"scope":"remote","description":"The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10732":{"debianbug":926996,"scope":"remote","description":"In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.","releases":{"stretch":{"nodsa":"Revisit when fixed upstream","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"medium**","nodsa_reason":"postponed","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2017-17689":{"debianbug":898633,"scope":"remote","description":"The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.","releases":{"stretch":{"nodsa":"Defaults to secure handling, change to disable it entirely can be fixed via spu","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Defaults to secure handling, change to disable it entirely can be fixed via spu","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2006-7139":{"scope":"remote","description":"Kmail 1.9.1 on KDE 3.5.2, with \"Prefer HTML to Plain Text\" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.","releases":{"stretch":{"repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2007-1265":{"scope":"remote","description":"KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.","releases":{"stretch":{"repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2005-0404":{"debianbug":305601,"scope":"remote","description":"KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.","releases":{"stretch":{"fixed_version":"3.4-1","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.4-1","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-8878":{"debianbug":791800,"scope":"remote","description":"KDE KMail does not encrypt attachments in emails when \"automatic encryption\" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.","releases":{"stretch":{"fixed_version":"4:4.14.5-1","repositories":{"stretch":"4:16.04.3-4~deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"4:4.14.1-1+deb8u1"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-9180":{"debianbug":842893,"scope":"remote","description":"perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.","releases":{"buster":{"fixed_version":"1:3.50-1.1","repositories":{"buster":"1:3.50-1.1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue; can be fixed via point release","repositories":{"stretch":"1:3.50-1"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue; can be fixed via point release","repositories":{"jessie":"1:3.48-1"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1:3.50-1.1","repositories":{"sid":"1:3.50-1.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5846":{"scope":"remote","description":"The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file.","releases":{"buster":{"fixed_version":"1.10.3-1","repositories":{"buster":"1.14.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.3-1","repositories":{"stretch":"1.10.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2+deb8u1","repositories":{"jessie":"1.4.4-2+deb8u1","jessie-security":"1.4.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.3-1","repositories":{"sid":"1.14.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-5847":{"scope":"remote","description":"The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.","releases":{"buster":{"fixed_version":"1.10.4-1","repositories":{"buster":"1.14.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.10.4-1","repositories":{"stretch":"1.10.4-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4-2+deb8u1","repositories":{"jessie":"1.4.4-2+deb8u1","jessie-security":"1.4.4-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.10.4-1","repositories":{"sid":"1.14.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0381":{"debianbug":271146,"scope":"local","description":"Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.","releases":{"buster":{"fixed_version":"2.10c-3.1","repositories":{"buster":"2.11b-11"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"2.10c-3.1","repositories":{"stretch":"2.11b-11"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"2.10c-3.1","repositories":{"jessie":"2.11b-9"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"2.10c-3.1","repositories":{"sid":"2.11b-11"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2005-3342":{"scope":"local","description":"noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.","releases":{"buster":{"fixed_version":"2.10c-3.2","repositories":{"buster":"2.11b-11"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.10c-3.2","repositories":{"stretch":"2.11b-11"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.10c-3.2","repositories":{"jessie":"2.11b-9"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.10c-3.2","repositories":{"sid":"2.11b-11"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1502":{"scope":"remote","description":"Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.","releases":{"buster":{"fixed_version":"0.4.2-13","repositories":{"buster":"0.4.2-13.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.4.2-13","repositories":{"stretch":"0.4.2-13.2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.4.2-13","repositories":{"jessie":"0.4.2-13.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.4.2-13","repositories":{"sid":"0.4.2-13.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-10672":{"debianbug":926125,"scope":"remote","description":"treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.","releases":{"buster":{"fixed_version":"0.6~dfsg0-3","repositories":{"buster":"0.6~dfsg0-3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.6~dfsg0-3","repositories":{"sid":"0.6~dfsg0-3"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-1053":{"debianbug":213957,"scope":"local","description":"Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.","releases":{"buster":{"fixed_version":"1.51-1-1","repositories":{"buster":"1:1.51-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.51-1-1","repositories":{"stretch":"1:1.51-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.51-1-1","repositories":{"jessie":"1:1.51-4.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.51-1-1","repositories":{"sid":"1:1.51-6"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0291613-A6DD69":{"debianbug":291613,"releases":{"buster":{"fixed_version":"1.51-1-2","repositories":{"buster":"1:1.51-6"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.51-1-2","repositories":{"stretch":"1:1.51-5"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.51-1-2","repositories":{"jessie":"1:1.51-4.1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.51-1-2","repositories":{"sid":"1:1.51-6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2005-0117":{"debianbug":289784,"scope":"local","description":"Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field.","releases":{"buster":{"fixed_version":"1.51-1-1.1","repositories":{"buster":"1:1.51-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.51-1-1.1","repositories":{"stretch":"1:1.51-5"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.51-1-1.1","repositories":{"jessie":"1:1.51-4.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.51-1-1.1","repositories":{"sid":"1:1.51-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4607":{"scope":"local","description":"PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.","releases":{"buster":{"fixed_version":"0.62-1","repositories":{"buster":"0.70-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.62-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.62-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.62-1","repositories":{"sid":"0.70-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9895":{"scope":"remote","description":"In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.","releases":{"buster":{"fixed_version":"0.70-6","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.67-3+deb9u1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Too intrusive to backport, patch uses callback handling that is not yet available in Jessie","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"0.70-6","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2019-9894":{"scope":"remote","description":"A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.","releases":{"buster":{"fixed_version":"0.70-6","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.67-3+deb9u1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-10+deb8u2","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.70-6","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-7162":{"debianbug":400804,"scope":"local","description":"PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.","releases":{"buster":{"fixed_version":"0.59-1","repositories":{"buster":"0.70-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.59-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0.59-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0.59-1","repositories":{"sid":"0.70-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1008":{"scope":"remote","description":"Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.","releases":{"buster":{"fixed_version":"0.56-1","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.56-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.56-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.56-1","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5309":{"scope":"remote","description":"Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.","releases":{"buster":{"fixed_version":"0.66-1","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.66-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-10+deb8u1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.66-1","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0069":{"scope":"remote","description":"The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.","releases":{"buster":{"fixed_version":"0.54-1","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.54-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.54-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.54-1","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-2563":{"debianbug":816921,"scope":"remote","description":"Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.","releases":{"buster":{"fixed_version":"0.67-1","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.67-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.67-1","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0048":{"scope":"local","description":"PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.","releases":{"buster":{"fixed_version":"0.53-b-2003-01-04-1","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.53-b-2003-01-04-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.53-b-2003-01-04-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.53-b-2003-01-04-1","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9897":{"scope":"remote","description":"Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.","releases":{"buster":{"fixed_version":"0.70-6","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.67-3+deb9u1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-10+deb8u2","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.70-6","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-9896":{"scope":"local","description":"In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.70-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.70-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6167":{"scope":"local","description":"Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.70-6"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.70-6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9898":{"scope":"remote","description":"Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.","releases":{"buster":{"fixed_version":"0.70-6","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.67-3+deb9u1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.63-10+deb8u2","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.70-6","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4206":{"debianbug":719070,"scope":"remote","description":"Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication.","releases":{"buster":{"fixed_version":"0.63-1","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.63-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.63-1","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6542":{"debianbug":857642,"scope":"remote","description":"The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.","releases":{"buster":{"fixed_version":"0.67-3","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.67-3","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.67-3","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4207":{"debianbug":719070,"scope":"remote","description":"Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206.","releases":{"buster":{"fixed_version":"0.63-1","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.63-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.63-1","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-F707E4":{"releases":{"buster":{"fixed_version":"0.63-10","repositories":{"buster":"0.70-6"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.63-10","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.63-10","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.63-10","repositories":{"sid":"0.70-6"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2013-4852":{"debianbug":718779,"scope":"remote","description":"Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.63-1","repositories":{"buster":"0.70-6"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.63-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.63-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.63-1","repositories":{"sid":"0.70-6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1440":{"scope":"remote","description":"Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.","releases":{"buster":{"fixed_version":"0.56-1","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.56-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.56-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.56-1","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0467":{"scope":"remote","description":"Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.","releases":{"buster":{"fixed_version":"0.57-1","repositories":{"buster":"0.70-6"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.57-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.57-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.57-1","repositories":{"sid":"0.70-6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-2157":{"debianbug":779488,"scope":"local","description":"The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.","releases":{"buster":{"fixed_version":"0.63-10","repositories":{"buster":"0.70-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.63-10","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.63-10","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.63-10","repositories":{"sid":"0.70-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4208":{"debianbug":719070,"scope":"local","description":"The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.","releases":{"buster":{"fixed_version":"0.63-1","repositories":{"buster":"0.70-6"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"0.63-1","repositories":{"stretch-security":"0.67-3+deb9u1","stretch":"0.67-3+deb9u1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"0.63-1","repositories":{"jessie":"0.63-10+deb8u1","jessie-security":"0.63-10+deb8u2"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"0.63-1","repositories":{"sid":"0.70-6"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2011-0995":{"scope":"local","description":"The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.3.13-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"1.3.11-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.3.9-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.3.13-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0854":{"scope":"local","description":"Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.5.10.2-5"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.5.8-2.4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.5.7-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.5.10.2-5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-12538":{"scope":"remote","description":"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.4.15-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.4.15-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9735":{"debianbug":864898,"scope":"remote","description":"Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.","releases":{"buster":{"fixed_version":"9.2.22-1","repositories":{"buster":"9.4.15-1"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Harmless information leak","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"9.2.22-1","repositories":{"sid":"9.4.15-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7657":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.","releases":{"buster":{"fixed_version":"9.2.25-1","repositories":{"buster":"9.4.15-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"9.2.21-1+deb9u1","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.2.25-1","repositories":{"sid":"9.4.15-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-12545":{"scope":"remote","description":"In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.4.15-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.4.15-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7656":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.","releases":{"buster":{"fixed_version":"9.2.25-1","repositories":{"buster":"9.4.15-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"9.2.21-1+deb9u1","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.2.25-1","repositories":{"sid":"9.4.15-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-10241":{"debianbug":928444,"scope":"remote","description":"In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.","releases":{"buster":{"repositories":{"buster":"9.4.15-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"9.4.15-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2018-12536":{"debianbug":902774,"scope":"remote","description":"In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.","releases":{"buster":{"fixed_version":"9.2.25-1","repositories":{"buster":"9.4.15-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Harmless information leak","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"low","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"9.2.25-1","repositories":{"sid":"9.4.15-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4800":{"scope":"remote","description":"The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.4.15-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.4.15-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10246":{"scope":"remote","description":"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.4.15-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.4.15-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7658":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.","releases":{"buster":{"fixed_version":"9.2.25-1","repositories":{"buster":"9.4.15-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"9.2.21-1+deb9u1","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.2.25-1","repositories":{"sid":"9.4.15-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-10247":{"debianbug":928444,"scope":"remote","description":"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.","releases":{"buster":{"repositories":{"buster":"9.4.15-1"},"urgency":"medium**","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"9.2.21-1+deb9u1","stretch":"9.2.21-1+deb9u1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"9.4.15-1"},"urgency":"medium**","status":"open"}}}}
{"CVE-2013-6499":{"debianbug":777230,"releases":{"buster":{"repositories":{"buster":"1.24-1.2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1.24-1.2"},"urgency":"unimportant","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.24-1"},"urgency":"unimportant","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1.24-1.2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-4314":{"scope":"remote","description":"message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.","releases":{"buster":{"fixed_version":"0.9.6.662-1","repositories":{"buster":"1.0.0-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.9.6.662-1","repositories":{"stretch":"0.9.6.662-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.9.6.662-1","repositories":{"jessie":"0.9.6.662-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.9.6.662-1","repositories":{"sid":"1.0.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-12538":{"scope":"remote","description":"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"8.1.16-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9735":{"debianbug":864898,"scope":"remote","description":"Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"8.1.16-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-7657":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.","releases":{"jessie":{"nodsa":"very hard to exploit, complex patch","repositories":{"jessie":"8.1.16-4"},"urgency":"high**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2017-7656":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.","releases":{"jessie":{"nodsa":"very hard to exploit, complex patch","repositories":{"jessie":"8.1.16-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-10241":{"debianbug":928444,"scope":"remote","description":"In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"8.1.16-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2018-12536":{"debianbug":902774,"scope":"remote","description":"In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.","releases":{"jessie":{"nodsa":"Harmless information leak","repositories":{"jessie":"8.1.16-4"},"urgency":"medium**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2016-4800":{"scope":"remote","description":"The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"8.1.16-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-10246":{"scope":"remote","description":"In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"8.1.16-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-2080":{"scope":"remote","description":"The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"8.1.16-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-7658":{"debianbug":902953,"scope":"remote","description":"In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.","releases":{"jessie":{"nodsa":"very hard to exploit, complex patch","repositories":{"jessie":"8.1.16-4"},"urgency":"high**","nodsa_reason":"ignored","status":"open"}}}}
{"CVE-2019-10247":{"debianbug":928444,"scope":"remote","description":"In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.","releases":{"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"8.1.16-4"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2017-5665":{"scope":"remote","description":"The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.","releases":{"buster":{"repositories":{"buster":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5666":{"debianbug":854278,"scope":"remote","description":"The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.","releases":{"buster":{"repositories":{"buster":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-5851":{"scope":"remote","description":"The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.  NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.","releases":{"buster":{"repositories":{"buster":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.2-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"2.6.2+20170630-3"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2017-15185":{"scope":"remote","description":"plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.","releases":{"buster":{"fixed_version":"2.6.2+20170630-2","repositories":{"buster":"2.6.2+20170630-3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"2.4.2-2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.6.2+20170630-2","repositories":{"sid":"2.6.2+20170630-3"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0774898-681A65":{"debianbug":774898,"releases":{"buster":{"fixed_version":"1.7.0-5.3","repositories":{"buster":"1.7.0-5.4"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.7.0-5.3","repositories":{"stretch":"1.7.0-5.3"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1.7.0-5.3","repositories":{"jessie":"1.7.0-5.3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.7.0-5.3","repositories":{"sid":"1.7.0-5.4"},"urgency":"not yet assigned","status":"resolved"}}}}
{"TEMP-0337492-CFA0CD":{"debianbug":337492,"releases":{"buster":{"fixed_version":"1.3.1-3","repositories":{"buster":"1.3.26-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.3.1-3","repositories":{"stretch":"1.3.7-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.3.1-3","repositories":{"jessie":"1.3.7-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.3.1-3","repositories":{"sid":"1.3.26-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-15288":{"scope":"local","description":"The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.","releases":{"buster":{"fixed_version":"2.11.12-1","repositories":{"buster":"2.11.12-4"},"urgency":"unimportant","status":"resolved"},"stretch":{"repositories":{"stretch":"2.11.8-1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.9.2+dfsg-2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"2.11.12-1","repositories":{"sid":"2.11.12-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-2688":{"debianbug":633637,"scope":"remote","description":"SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.","releases":{"buster":{"fixed_version":"3.2.4-2.1","repositories":{"buster":"3.3.2-0.1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.2.4-2.1","repositories":{"stretch":"3.3.2-0.1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.2.4-2.1","repositories":{"jessie":"3.3.2-0.1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.2.4-2.1","repositories":{"sid":"3.3.2-0.1"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2014-10064":{"scope":"remote","description":"The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"6.5.2-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch":"2.2.4-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.2.4-1","repositories":{"jessie":"2.2.4-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"6.5.2-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-7191":{"scope":"remote","description":"The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.","releases":{"buster":{"fixed_version":"2.2.4-1","repositories":{"buster":"6.5.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"2.2.4-1","repositories":{"stretch":"2.2.4-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.2.4-1","repositories":{"jessie":"2.2.4-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"2.2.4-1","repositories":{"sid":"6.5.2-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-0539":{"scope":"remote","description":"The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.","releases":{"buster":{"fixed_version":"1:5.8p1-2","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:5.8p1-2","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:5.8p1-2","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:5.8p1-2","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-2653":{"debianbug":742513,"scope":"remote","description":"The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.","releases":{"buster":{"fixed_version":"1:6.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:6.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:6.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:6.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-2532":{"scope":"remote","description":"sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.","releases":{"buster":{"fixed_version":"1:6.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:6.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:6.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2000-0992":{"debianbug":270770,"scope":"remote","description":"Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.","releases":{"buster":{"fixed_version":"1:3.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.9p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0695":{"scope":"remote","description":"Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.","releases":{"buster":{"fixed_version":"1:3.7.1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.7.1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.7.1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.7.1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0693":{"scope":"remote","description":"A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.","releases":{"buster":{"fixed_version":"1:3.6.1p2-6.0","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.6.1p2-6.0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.6.1p2-6.0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.6.1p2-6.0","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2001-1459":{"scope":"remote","description":"OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.","releases":{"buster":{"fixed_version":"1:3.0.1p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.0.1p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.0.1p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.0.1p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-5107":{"debianbug":700102,"scope":"remote","description":"The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.","releases":{"buster":{"fixed_version":"1:6.0p1-4","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:6.0p1-4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:6.0p1-4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:6.0p1-4","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-0778":{"scope":"remote","description":"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.","releases":{"buster":{"fixed_version":"1:7.1p2-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.1p2-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.1p2-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-8858":{"debianbug":841884,"scope":"remote","description":"** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests.  NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\"","releases":{"buster":{"fixed_version":"1:7.3p1-2","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:7.3p1-2","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","nodsa_reason":"ignored","status":"open"},"sid":{"fixed_version":"1:7.3p1-2","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-0777":{"debianbug":810984,"scope":"remote","description":"The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.","releases":{"buster":{"fixed_version":"1:7.1p2-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.1p2-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.1p2-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-8475":{"scope":"remote","description":"FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-6515":{"debianbug":833823,"scope":"remote","description":"The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.","releases":{"buster":{"fixed_version":"1:7.3p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:7.3p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:7.3p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2760":{"scope":"remote","description":"sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190.  NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.","releases":{"buster":{"fixed_version":"1:3.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:3.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:3.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:3.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-1908":{"scope":"remote","description":"The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.","releases":{"buster":{"fixed_version":"1:7.2p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:7.2p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:7.2p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-1907":{"scope":"remote","description":"The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.","releases":{"buster":{"fixed_version":"1:7.1p2-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.1p2-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:7.1p2-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10708":{"scope":"remote","description":"sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.","releases":{"buster":{"fixed_version":"1:7.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-8325":{"scope":"local","description":"The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.","releases":{"buster":{"fixed_version":"1:7.2p2-3","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:7.2p2-3","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u2","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:7.2p2-3","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-5600":{"debianbug":793616,"scope":"remote","description":"The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.","releases":{"buster":{"fixed_version":"1:6.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:6.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:6.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-20685":{"debianbug":919101,"scope":"remote","description":"In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.","releases":{"buster":{"fixed_version":"1:7.9p1-5","repositories":{"buster":"1:7.9p1-10"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-10+deb9u5","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u8","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:7.9p1-5","repositories":{"sid":"1:7.9p1-10"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2018-15473":{"debianbug":906236,"scope":"remote","description":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.","releases":{"buster":{"fixed_version":"1:7.7p1-4","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-10+deb9u4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u5","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.7p1-4","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-1119":{"scope":"remote","description":"SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0786":{"scope":"remote","description":"The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.","releases":{"buster":{"fixed_version":"1:3.7.1p2","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.7.1p2","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.7.1p2","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.7.1p2","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2003-0787":{"scope":"remote","description":"The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.","releases":{"buster":{"fixed_version":"1:3.7.1p2","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.7.1p2","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.7.1p2","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.7.1p2","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-3234":{"scope":"remote","description":"sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.","releases":{"buster":{"repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-0166":{"scope":"remote","description":"OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.","releases":{"buster":{"fixed_version":"4.7p1-9","repositories":{"buster":"1:7.9p1-10"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"4.7p1-9","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"4.7p1-9","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"4.7p1-9","repositories":{"sid":"1:7.9p1-10"},"urgency":"high","status":"resolved"}}}}
{"CVE-2003-0386":{"scope":"remote","description":"OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.","releases":{"buster":{"fixed_version":"1:3.8p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.8p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.8p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.8p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0225":{"debianbug":349645,"scope":"local","description":"scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.","releases":{"buster":{"fixed_version":"1:4.3p2-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.3p2-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.3p2-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.3p2-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-0765":{"scope":"remote","description":"sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.","releases":{"buster":{"fixed_version":"1:3.3p1-0.0woody1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.3p1-0.0woody1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.3p1-0.0woody1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.3p1-0.0woody1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5794":{"scope":"remote","description":"Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.","releases":{"buster":{"fixed_version":"1:4.3p2-6","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.3p2-6","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:4.3p2-6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.3p2-6","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-1657":{"debianbug":475156,"scope":"remote","description":"OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.","releases":{"buster":{"fixed_version":"1:4.7p1-8","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.7p1-8","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.7p1-8","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.7p1-8","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-6109":{"debianbug":793412,"scope":"remote","description":"An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.","releases":{"buster":{"fixed_version":"1:7.9p1-6","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-10+deb9u5","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u8","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.9p1-6","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3115":{"scope":"remote","description":"Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.","releases":{"buster":{"fixed_version":"1:7.2p2-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.2p2-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.2p2-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9278":{"scope":"remote","description":"The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-2666":{"scope":"local","description":"SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.","releases":{"buster":{"fixed_version":"1:4.0p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.0p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:4.0p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.0p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-0640":{"scope":"remote","description":"Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).","releases":{"buster":{"fixed_version":"1:3.4","repositories":{"buster":"1:7.9p1-10"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:3.4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:3.4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:3.4","repositories":{"sid":"1:7.9p1-10"},"urgency":"high","status":"resolved"}}}}
{"CVE-2007-4752":{"debianbug":444738,"scope":"remote","description":"ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.","releases":{"buster":{"fixed_version":"1:4.7p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.7p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.7p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.7p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2007-3102":{"scope":"remote","description":"Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username.  NOTE: some of these details are obtained from third party information.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-1653":{"scope":"remote","description":"The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-6110":{"scope":"remote","description":"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.","releases":{"buster":{"repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-6111":{"debianbug":923486,"scope":"remote","description":"An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).","releases":{"buster":{"fixed_version":"1:7.9p1-9","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-10+deb9u6","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u8","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.9p1-9","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-1360":{"scope":"remote","description":"Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10009":{"debianbug":848714,"scope":"remote","description":"Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.","releases":{"buster":{"fixed_version":"1:7.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:7.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-2069":{"scope":"remote","description":"sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).","releases":{"buster":{"fixed_version":"1:3.8p1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.8p1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:3.8p1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.8p1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2768":{"debianbug":436571,"scope":"remote","description":"OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.","releases":{"buster":{"repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5161":{"debianbug":506115,"scope":"remote","description":"Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.","releases":{"buster":{"fixed_version":"1:5.1p1-5","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:5.1p1-5","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:5.1p1-5","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:5.1p1-5","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-15919":{"debianbug":907503,"scope":"remote","description":"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"open"}}}}
{"CVE-2008-1483":{"debianbug":463011,"scope":"local","description":"OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.","releases":{"buster":{"fixed_version":"1:4.7p1-5","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.7p1-5","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.7p1-5","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.7p1-5","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-6210":{"debianbug":831902,"scope":"remote","description":"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.","releases":{"buster":{"fixed_version":"1:7.2p2-6","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:7.2p2-6","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u3","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.2p2-6","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-1562":{"scope":"remote","description":"sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.","releases":{"buster":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-4478":{"scope":"remote","description":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-5000":{"scope":"remote","description":"The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.  NOTE: there may be limited scenarios in which this issue is relevant.","releases":{"buster":{"fixed_version":"1:5.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:5.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:5.9p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:5.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2003-0190":{"debianbug":196413,"scope":"remote","description":"OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","releases":{"buster":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.8.1p1-8.sarge.4","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2002-0639":{"scope":"remote","description":"Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.","releases":{"buster":{"fixed_version":"1:3.4","repositories":{"buster":"1:7.9p1-10"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"1:3.4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"1:3.4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high","status":"resolved"},"sid":{"fixed_version":"1:3.4","repositories":{"sid":"1:7.9p1-10"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-15906":{"scope":"remote","description":"The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.","releases":{"buster":{"fixed_version":"1:7.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-10+deb9u3","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:7.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2005-2798":{"debianbug":326065,"scope":"remote","description":"sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.","releases":{"buster":{"fixed_version":"1:4.2p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.2p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:4.2p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5352":{"debianbug":790798,"scope":"remote","description":"The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.","releases":{"buster":{"fixed_version":"1:6.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:6.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:6.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2005-2797":{"debianbug":326065,"scope":"remote","description":"OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding (\"-D\" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.","releases":{"buster":{"fixed_version":"1:4.2p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:4.2p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:4.2p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:4.2p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-6564":{"debianbug":795711,"scope":"local","description":"Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.","releases":{"buster":{"fixed_version":"1:6.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:6.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:6.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-6563":{"debianbug":795711,"scope":"local","description":"The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.","releases":{"buster":{"fixed_version":"1:6.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1:6.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:6.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-2243":{"debianbug":436571,"scope":"remote","description":"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.","releases":{"buster":{"repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2015-6565":{"scope":"local","description":"sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2001-1585":{"scope":"remote","description":"SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2011-4327":{"scope":"local","description":"ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4925":{"scope":"remote","description":"packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.","releases":{"buster":{"fixed_version":"1:5.1p1-5","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:5.1p1-5","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1:5.1p1-5","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:5.1p1-5","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3259":{"scope":"local","description":"OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-2904":{"scope":"local","description":"A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-4924":{"debianbug":389995,"scope":"remote","description":"sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.","releases":{"buster":{"fixed_version":"1:4.3p2-4","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.3p2-4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.3p2-4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.3p2-4","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2001-1507":{"scope":"remote","description":"OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.","releases":{"buster":{"fixed_version":"1:3.0.1","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.0.1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.0.1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.0.1","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0883":{"scope":"remote","description":"OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.","releases":{"buster":{"fixed_version":"1:3.8.1p1-4","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:3.8.1p1-4","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:3.8.1p1-4","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:3.8.1p1-4","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10012":{"debianbug":848717,"scope":"local","description":"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.","releases":{"buster":{"fixed_version":"1:7.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:7.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10011":{"debianbug":848716,"scope":"local","description":"authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.","releases":{"buster":{"fixed_version":"1:7.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:6.7p1-5+deb8u6","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1:7.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2285":{"scope":"remote","description":"The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.","releases":{"buster":{"fixed_version":"1:4.7p1-10","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:4.7p1-10","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:4.7p1-10","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:4.7p1-10","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10010":{"debianbug":848715,"scope":"local","description":"sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.","releases":{"buster":{"fixed_version":"1:7.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:7.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"1:7.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-0682":{"scope":"remote","description":"\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.","releases":{"buster":{"fixed_version":"1:3.6.1p2-9","repositories":{"buster":"1:7.9p1-10"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:3.6.1p2-9","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:3.6.1p2-9","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:3.6.1p2-9","repositories":{"sid":"1:7.9p1-10"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4548":{"debianbug":729029,"scope":"remote","description":"The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.","releases":{"buster":{"fixed_version":"1:6.4p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:6.4p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:6.4p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:6.4p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-0814":{"debianbug":657445,"scope":"remote","description":"The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite.  NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.","releases":{"buster":{"fixed_version":"1:5.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:5.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:5.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:5.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1359":{"scope":"remote","description":"Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-1692":{"scope":"remote","description":"The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-1715":{"scope":"local","description":"SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-5052":{"scope":"remote","description":"Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\"","releases":{"buster":{"fixed_version":"1:4.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2006-5051":{"scope":"remote","description":"Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.","releases":{"buster":{"fixed_version":"1:4.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-4109":{"scope":"remote","description":"A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.","releases":{"buster":{"fixed_version":"1:4.6p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:4.6p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:4.6p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:4.6p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1357":{"scope":"remote","description":"Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2004-0175":{"debianbug":270770,"scope":"remote","description":"Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files.  NOTE: this may be a rediscovery of CVE-2000-0992.","releases":{"buster":{"fixed_version":"1:3.9p1-1","repositories":{"buster":"1:7.9p1-10"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:3.9p1-1","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:3.9p1-1","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:3.9p1-1","repositories":{"sid":"1:7.9p1-10"},"urgency":"low","status":"resolved"}}}}
{"CVE-2002-1358":{"scope":"remote","description":"Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:7.4p1-10+deb9u6","stretch":"1:7.4p1-10+deb9u6"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:6.7p1-5+deb8u4","jessie-security":"1:6.7p1-5+deb8u8"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:7.9p1-10"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2002-2207":{"scope":"remote","description":"Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.","releases":{"buster":{"fixed_version":"0.9b3","repositories":{"buster":"0.9b3+git20180706.eb8fdd4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.9b3","repositories":{"stretch":"0.9b3-6"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.9b3","repositories":{"jessie":"0.9b3-4.1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.9b3","repositories":{"sid":"0.9b3+git20180706.eb8fdd4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2002-2227":{"scope":"remote","description":"Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.","releases":{"buster":{"fixed_version":"0.9b3-1","repositories":{"buster":"0.9b3+git20180706.eb8fdd4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9b3-1","repositories":{"stretch":"0.9b3-6"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9b3-1","repositories":{"jessie":"0.9b3-4.1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9b3-1","repositories":{"sid":"0.9b3+git20180706.eb8fdd4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2207":{"debianbug":627377,"releases":{"jessie":{"repositories":{"jessie":"1.1.1-5"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2008-5186":{"debianbug":504445,"scope":"remote","description":"** DISPUTED **  The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable).  NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path.","releases":{"jessie":{"fixed_version":"1.0-1.1","repositories":{"jessie":"1.2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-4952":{"debianbug":496428,"scope":"local","description":"emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.","releases":{"buster":{"fixed_version":"0.7.91-2","repositories":{"buster":"0.8.92+git98dc8e-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.7.91-2","repositories":{"stretch":"0.8.92+git98dc8e-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.7.91-2","repositories":{"jessie":"0.8.0-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.7.91-2","repositories":{"sid":"0.8.92+git98dc8e-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-2090":{"scope":"remote","description":"Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.8.2-1","repositories":{"buster":"0.9.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.8.2-1","repositories":{"stretch":"0.8.3-1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.7.0-2"},"urgency":"high**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.8.2-1","repositories":{"sid":"0.9.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-5443":{"debianbug":395102,"scope":"remote","description":"Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving \"variable rights.\"","releases":{"buster":{"fixed_version":"3.60-1","repositories":{"buster":"1:4.15d~dfsg1-3"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.60-1","repositories":{"stretch":"1:4.13c~dfsg1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.60-1","repositories":{"jessie":"1:4.08~dfsg1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.60-1","repositories":{"sid":"1:4.15d~dfsg1-3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-4986":{"debianbug":496387,"scope":"local","description":"wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.","releases":{"buster":{"fixed_version":"3.62-13.1","repositories":{"buster":"1:4.15d~dfsg1-3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.62-13.1","repositories":{"stretch":"1:4.13c~dfsg1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.62-13.1","repositories":{"jessie":"1:4.08~dfsg1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.62-13.1","repositories":{"sid":"1:4.15d~dfsg1-3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-3355":{"debianbug":616673,"scope":"local","description":"(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.","releases":{"buster":{"fixed_version":"2.97-2.1","repositories":{"buster":"3.4.3-2"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.97-2.1","repositories":{"stretch":"3.4.1-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.97-2.1","repositories":{"jessie":"3.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.97-2.1","repositories":{"sid":"3.4.3-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-7185":{"scope":"remote","description":"GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.","releases":{"buster":{"repositories":{"buster":"3.4.3-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"3.4.1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.4.3-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-6298":{"scope":"remote","description":"The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).","releases":{"buster":{"fixed_version":"0.3.2-1","repositories":{"buster":"0.4.2-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.3.2-1","repositories":{"stretch":"0.3.2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.3.2-1","repositories":{"sid":"0.6.0-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2396":{"scope":"remote","description":"VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.","releases":{"buster":{"fixed_version":"1.7.2-1","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.7.2-1","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.7.2-1","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.7.2-1","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11439":{"debianbug":903847,"scope":"remote","description":"The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.","releases":{"buster":{"fixed_version":"1.11.1+dfsg.1-0.3","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"1.9.1-2.1+deb8u1","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.1+dfsg.1-0.3","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-1584":{"debianbug":662705,"scope":"remote","description":"Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1107":{"debianbug":662705,"scope":"remote","description":"The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2012-1108":{"debianbug":662705,"scope":"remote","description":"The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.","releases":{"buster":{"fixed_version":"1.7.1-1","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.1-1","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.1-1","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.1-1","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-12678":{"debianbug":871511,"scope":"remote","description":"In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.","releases":{"buster":{"fixed_version":"1.11.1+dfsg.1-0.2","repositories":{"buster":"1.11.1+dfsg.1-0.3"},"urgency":"medium**","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.11.1+dfsg.1-0.1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.9.1-2.1","jessie-security":"1.9.1-2.1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.11.1+dfsg.1-0.2","repositories":{"sid":"1.11.1+dfsg.1-0.3"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19486":{"scope":"remote","description":"Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.","releases":{"buster":{"fixed_version":"1:2.19.2-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1:2.19.2-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3906":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.","releases":{"buster":{"fixed_version":"1:1.7.2.3-2.2","repositories":{"buster":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:1.7.2.3-2.2","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:1.7.2.3-2.2","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:1.7.2.3-2.2","repositories":{"sid":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-15298":{"scope":"remote","description":"Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.","releases":{"buster":{"repositories":{"buster":"1:2.20.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:2.20.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-9938":{"scope":"remote","description":"contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.","releases":{"buster":{"fixed_version":"1:2.0.0~rc2-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.0.0~rc2-1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.0.0~rc2-1","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.0.0~rc2-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2315":{"debianbug":818318,"scope":"remote","description":"revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:2.7.0-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.7.0-1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u2","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.7.0-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-1000021":{"debianbug":889680,"scope":"remote","description":"GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).","releases":{"buster":{"repositories":{"buster":"1:2.20.1-2"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:2.20.1-2"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-2324":{"debianbug":818318,"scope":"remote","description":"Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1:2.8.0~rc3-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.8.0~rc3-1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u2","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.8.0~rc3-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-1000117":{"scope":"remote","description":"A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.","releases":{"buster":{"fixed_version":"1:2.14.1-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3+deb9u1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u4","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.14.1-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-0308":{"scope":"remote","description":"The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1:2.20.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1:2.20.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11233":{"scope":"remote","description":"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.","releases":{"buster":{"fixed_version":"1:2.17.1-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3+deb9u3","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u6","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.17.1-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-11235":{"scope":"remote","description":"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.","releases":{"buster":{"fixed_version":"1:2.17.1-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3+deb9u3","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u6","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.17.1-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8386":{"scope":"remote","description":"git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.","releases":{"buster":{"fixed_version":"1:2.11.0-3","repositories":{"buster":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u3","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1:2.11.0-3","repositories":{"sid":"1:2.20.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17456":{"scope":"remote","description":"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.","releases":{"buster":{"fixed_version":"1:2.19.1-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3+deb9u4","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u7","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.19.1-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7545":{"scope":"remote","description":"The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.","releases":{"buster":{"fixed_version":"1:2.6.1-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.6.1-1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u1","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.6.1-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-9390":{"debianbug":773640,"releases":{"buster":{"fixed_version":"1:2.1.4-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1:2.1.4-1","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-1","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1:2.1.4-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-14867":{"debianbug":876854,"scope":"remote","description":"Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.","releases":{"buster":{"fixed_version":"1:2.14.2-1","repositories":{"buster":"1:2.20.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1:2.11.0-3+deb9u2","repositories":{"stretch-security":"1:2.11.0-3+deb9u4","stretch":"1:2.11.0-3+deb9u4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1:2.1.4-2.1+deb8u5","repositories":{"jessie":"1:2.1.4-2.1+deb8u6","jessie-security":"1:2.1.4-2.1+deb8u7"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1:2.14.2-1","repositories":{"sid":"1:2.20.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2008-5101":{"debianbug":505399,"scope":"remote","description":"Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an \"array overflow.\"","releases":{"buster":{"fixed_version":"0.6.1.1-1","repositories":{"buster":"0.7.7-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.6.1.1-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.6.1.1-1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.6.1.1-1","repositories":{"sid":"0.7.7-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-7802":{"debianbug":801700,"scope":"remote","description":"gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.","releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"0.7.7-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"unimportant","status":"open"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"0.7.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2191":{"debianbug":820068,"scope":"remote","description":"The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.","releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"0.7.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1+deb8u1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"0.7.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-7801":{"scope":"remote","description":"Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.","releases":{"buster":{"fixed_version":"0.7.5-1","repositories":{"buster":"0.7.7-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.7.5-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.7.5-1","repositories":{"sid":"0.7.7-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-4432":{"scope":"remote","description":"Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x before 0.7.3 might allow remote attackers to execute arbitrary code via unspecified vectors related to \"palette reduction.\"","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.7.7-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.7.7-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-16938":{"debianbug":878839,"scope":"remote","description":"A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.","releases":{"buster":{"fixed_version":"0.7.6-1.1","repositories":{"buster":"0.7.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1+deb9u1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1+deb8u2","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.6-1.1","repositories":{"sid":"0.7.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-3981":{"scope":"remote","description":"Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.","releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"0.7.7-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1+deb8u1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"0.7.7-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-3982":{"scope":"remote","description":"Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"0.7.6-1","repositories":{"buster":"0.7.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1+deb8u1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.6-1","repositories":{"sid":"0.7.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0749":{"scope":"remote","description":"Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.","releases":{"buster":{"fixed_version":"0.6.2.1-1","repositories":{"buster":"0.7.7-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.6.2.1-1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.6.2.1-1","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.6.2.1-1","repositories":{"sid":"0.7.7-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-1000229":{"debianbug":882032,"scope":"remote","description":"Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.","releases":{"buster":{"fixed_version":"0.7.6-1.1","repositories":{"buster":"0.7.7-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.7.6-1+deb9u1","repositories":{"stretch-security":"0.7.6-1+deb9u1","stretch":"0.7.6-1+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.7.5-1+deb8u2","repositories":{"jessie":"0.7.5-1+deb8u2","jessie-security":"0.7.5-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.7.6-1.1","repositories":{"sid":"0.7.7-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7798":{"debianbug":842432,"scope":"remote","description":"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.","releases":{"stretch":{"fixed_version":"3.0.1-2","repositories":{"stretch":"3.0.1-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.0.1-2","repositories":{"sid":"3.1.0-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-0635":{"debianbug":352202,"scope":"local","description":"Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the \"i>sizeof(int)\" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.","releases":{"buster":{"fixed_version":"0.9.24~cvs20070502-1","repositories":{"buster":"0.9.27-8"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"0.9.24~cvs20070502-1","repositories":{"stretch":"0.9.27~git20161217.cd9514ab-3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"0.9.24~cvs20070502-1","repositories":{"jessie":"0.9.27~git20140923.9d7fb33-3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"0.9.24~cvs20070502-1","repositories":{"sid":"0.9.27-8"},"urgency":"low","status":"resolved"}}}}
{"CVE-2019-9754":{"debianbug":925127,"scope":"remote","description":"An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"0.9.27-8"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"0.9.27~git20161217.cd9514ab-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.9.27~git20140923.9d7fb33-3"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"0.9.27-8"},"urgency":"low","status":"open"}}}}
{"CVE-2018-20374":{"scope":"remote","description":"An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.","releases":{"buster":{"repositories":{"buster":"0.9.27-8"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.9.27~git20161217.cd9514ab-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.27~git20140923.9d7fb33-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.9.27-8"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20376":{"scope":"remote","description":"An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.","releases":{"buster":{"repositories":{"buster":"0.9.27-8"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.9.27~git20161217.cd9514ab-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.27~git20140923.9d7fb33-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.9.27-8"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2018-20375":{"scope":"remote","description":"An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.","releases":{"buster":{"repositories":{"buster":"0.9.27-8"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"0.9.27~git20161217.cd9514ab-3"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"0.9.27~git20140923.9d7fb33-3"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"0.9.27-8"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2019-6293":{"debianbug":919428,"scope":"remote","description":"An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.","releases":{"buster":{"nodsa":"Minor issue","repositories":{"buster":"2.6.4-6.2"},"urgency":"low","nodsa_reason":"","status":"open"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"2.6.1-1.3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"2.5.39-8+deb8u2","jessie-security":"2.5.39-8+deb8u2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"repositories":{"sid":"2.6.4-6.2"},"urgency":"low","status":"open"}}}}
{"CVE-2010-0634":{"scope":"remote","description":"Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.","releases":{"buster":{"fixed_version":"2.5.35-1","repositories":{"buster":"2.6.4-6.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.35-1","repositories":{"stretch":"2.6.1-1.3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.35-1","repositories":{"jessie":"2.5.39-8+deb8u2","jessie-security":"2.5.39-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.35-1","repositories":{"sid":"2.6.4-6.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2006-0459":{"scope":"remote","description":"flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.","releases":{"buster":{"fixed_version":"2.5.33-1","repositories":{"buster":"2.6.4-6.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.5.33-1","repositories":{"stretch":"2.6.1-1.3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.33-1","repositories":{"jessie":"2.5.39-8+deb8u2","jessie-security":"2.5.39-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.5.33-1","repositories":{"sid":"2.6.4-6.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-6354":{"debianbug":832768,"scope":"remote","description":"Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.","releases":{"buster":{"fixed_version":"2.6.1-1","repositories":{"buster":"2.6.4-6.2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"2.6.1-1","repositories":{"stretch":"2.6.1-1.3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"2.5.39-8+deb8u2","repositories":{"jessie":"2.5.39-8+deb8u2","jessie-security":"2.5.39-8+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"2.6.1-1","repositories":{"sid":"2.6.4-6.2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2023":{"scope":"remote","description":"Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022.","releases":{"stretch":{"fixed_version":"2.1.0-2","repositories":{"stretch":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-2","repositories":{"jessie":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2022":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert function in the jQuery parameter.  NOTE: these are the same parameters as CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the jQuery parameter.","releases":{"stretch":{"fixed_version":"2.1.0-2","repositories":{"stretch":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-2","repositories":{"jessie":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1942":{"scope":"remote","description":"Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023.","releases":{"stretch":{"fixed_version":"2.1.0-2","repositories":{"stretch":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"2.1.0-2","repositories":{"jessie":"2.7.1+dfsg-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5838":{"scope":"remote","description":"The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.","releases":{"jessie":{"fixed_version":"0","repositories":{"jessie":"0.10.36-1.5"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2007-5769":{"scope":"remote","description":"Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"0.17-34.1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"0.17-34"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"0.17-31"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"0.17-34.1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8833":{"scope":"remote","description":"Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the \"Authenticate buddy\" menu item.","releases":{"buster":{"fixed_version":"4.0.2-1","repositories":{"buster":"4.0.2-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.0.2-1","repositories":{"stretch":"4.0.2-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"4.0.1-1+deb8u1","repositories":{"jessie":"4.0.1-1+deb8u1","jessie-security":"4.0.1-1+deb8u1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"4.0.2-1","repositories":{"sid":"4.0.2-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2012-2369":{"debianbug":673154,"scope":"remote","description":"Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.","releases":{"buster":{"fixed_version":"3.2.1-1","repositories":{"buster":"4.0.2-2"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"3.2.1-1","repositories":{"stretch":"4.0.2-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.2.1-1","repositories":{"jessie":"4.0.1-1+deb8u1","jessie-security":"4.0.1-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"3.2.1-1","repositories":{"sid":"4.0.2-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-9741":{"debianbug":924630,"scope":"remote","description":"An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \\r\\n followed by an HTTP header or a Redis command.","releases":{"buster":{"fixed_version":"1.11.6-1","repositories":{"buster":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.6-1","repositories":{"sid":"1.11.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16875":{"scope":"remote","description":"The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.","releases":{"buster":{"fixed_version":"1.11.3-1","repositories":{"buster":"1.11.6-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.11.3-1","repositories":{"sid":"1.11.6-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16873":{"scope":"remote","description":"In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".","releases":{"buster":{"fixed_version":"1.11.3-1","repositories":{"buster":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.3-1","repositories":{"sid":"1.11.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6486":{"debianbug":920548,"scope":"remote","description":"Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.","releases":{"buster":{"fixed_version":"1.11.5-1","repositories":{"buster":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.5-1","repositories":{"sid":"1.11.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16874":{"scope":"remote","description":"In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.","releases":{"buster":{"fixed_version":"1.11.3-1","repositories":{"buster":"1.11.6-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.11.3-1","repositories":{"sid":"1.11.6-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11888":{"scope":"remote","description":"Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.11.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.11.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9634":{"scope":"remote","description":"Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.11.6-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.11.6-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9741":{"debianbug":924630,"scope":"remote","description":"An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \\r\\n followed by an HTTP header or a Redis command.","releases":{"sid":{"fixed_version":"1.12-1","repositories":{"sid":"1.12.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6486":{"debianbug":920548,"scope":"remote","description":"Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.","releases":{"sid":{"fixed_version":"1.12~beta2-2","repositories":{"sid":"1.12.5-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-11888":{"scope":"remote","description":"Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1.12.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2019-9634":{"scope":"remote","description":"Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.","releases":{"sid":{"fixed_version":"0","repositories":{"sid":"1.12.5-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-2350":{"debianbug":587039,"scope":"remote","description":"Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.","releases":{"buster":{"fixed_version":"3.1.1-1","repositories":{"buster":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.1-1","repositories":{"stretch":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-1","repositories":{"jessie":"3.2.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.1-1","repositories":{"sid":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0804":{"debianbug":521051,"scope":"remote","description":"Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.","releases":{"buster":{"fixed_version":"2.7.2-1","repositories":{"buster":"3.3.1-2.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.7.2-1","repositories":{"stretch":"3.3.1-2.1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.7.2-1","repositories":{"jessie":"3.2.0-2"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.7.2-1","repositories":{"sid":"3.3.1-2.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2010-1513":{"debianbug":584933,"scope":"remote","description":"Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.","releases":{"buster":{"fixed_version":"3.1.0-1","repositories":{"buster":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.1.0-1","repositories":{"stretch":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0-1","repositories":{"jessie":"3.2.0-2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.1.0-1","repositories":{"sid":"3.3.1-2.1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4376":{"scope":"remote","description":"The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.0.3-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.0.3-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-7383":{"scope":"remote","description":"x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"4.1.0.3-4"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"4.1.0.3-4"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-4997":{"scope":"local","description":"gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.  NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.","releases":{"buster":{"fixed_version":"2.28.0-1","repositories":{"buster":"3.30.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.28.0-1","repositories":{"stretch":"3.22.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.28.0-1","repositories":{"jessie":"3.14.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.28.0-1","repositories":{"sid":"3.30.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2006-7240":{"scope":"local","description":"gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.","releases":{"buster":{"fixed_version":"2.28.0-1","repositories":{"buster":"3.30.0-2"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"2.28.0-1","repositories":{"stretch":"3.22.2-2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"2.28.0-1","repositories":{"jessie":"3.14.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"2.28.0-1","repositories":{"sid":"3.30.0-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-18021":{"scope":"remote","description":"It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.","releases":{"buster":{"fixed_version":"1.2.1-1","repositories":{"buster":"1.2.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.1.6-1+deb9u1","repositories":{"stretch":"1.1.6-1+deb9u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.2.1-1","repositories":{"sid":"1.2.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-5869":{"debianbug":356988,"scope":"remote","description":"pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.","releases":{"stretch":{"fixed_version":"1.9-4","repositories":{"stretch":"1.9-6"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9-4","repositories":{"jessie":"1.9-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9-4","repositories":{"sid":"1.9-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2536":{"debianbug":319758,"scope":"remote","description":"pstotext before 1.8g does not properly use the \"-dSAFER\" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file.","releases":{"stretch":{"fixed_version":"1.9-2","repositories":{"stretch":"1.9-6"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.9-2","repositories":{"jessie":"1.9-6"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.9-2","repositories":{"sid":"1.9-6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2005-2039":{"scope":"remote","description":"Unknown vulnerability in \"various plugins\" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"3.4.2-3"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"3.4.2-3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.2-3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"3.4.2-3"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0393846-B78E90":{"debianbug":393846,"releases":{"buster":{"fixed_version":"3.2.3-2","repositories":{"buster":"4.1.1-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.2.3-2","repositories":{"stretch":"4.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.2.3-2","repositories":{"jessie":"3.2.12+git20140228-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.2.3-2","repositories":{"sid":"4.2.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-2654":{"debianbug":484572,"scope":"remote","description":"Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.","releases":{"buster":{"fixed_version":"3.2.9-3","repositories":{"buster":"4.1.1-1.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"3.2.9-3","repositories":{"stretch":"4.0-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.2.9-3","repositories":{"jessie":"3.2.12+git20140228-4"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"3.2.9-3","repositories":{"sid":"4.2.2-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0359":{"scope":"local","description":"nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"3.6.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"3.6.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-1","repositories":{"jessie":"3.4.3-15"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"3.6.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2003-0358":{"scope":"local","description":"Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.","releases":{"buster":{"fixed_version":"3.4.1-1","repositories":{"buster":"3.6.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"3.4.1-1","repositories":{"stretch":"3.6.0-4"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.1-1","repositories":{"jessie":"3.4.3-15"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"3.4.1-1","repositories":{"sid":"3.6.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-2159":{"scope":"remote","description":"Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.6.1-2"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.6.1-2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.6.1-1"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.6.1-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2004-2160":{"scope":"remote","description":"Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.","releases":{"buster":{"fixed_version":"1.0.0-1","repositories":{"buster":"1.6.1-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.0-1","repositories":{"stretch":"1.6.1-2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.0-1","repositories":{"jessie":"1.6.1-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.0-1","repositories":{"sid":"1.6.1-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-17535":{"scope":"remote","description":"lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.","releases":{"buster":{"repositories":{"buster":"3.0.2-0.1"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"2.4.1-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"2.4.1-2"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"3.0.2-0.1"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-7202":{"scope":"remote","description":"stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.","releases":{"buster":{"fixed_version":"4.0.5+dfsg-1","repositories":{"buster":"4.3.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.5+dfsg-1","repositories":{"stretch-security":"4.2.1-4+deb9u1","stretch":"4.2.1-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.5+dfsg-1","repositories":{"jessie":"4.0.5+dfsg-2+deb8u1","jessie-security":"4.0.5+dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.5+dfsg-1","repositories":{"sid":"4.3.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-9721":{"debianbug":784366,"scope":"remote","description":"libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.","releases":{"buster":{"fixed_version":"4.0.5+dfsg-3","repositories":{"buster":"4.3.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.5+dfsg-3","repositories":{"stretch-security":"4.2.1-4+deb9u1","stretch":"4.2.1-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.5+dfsg-2+deb8u1","repositories":{"jessie":"4.0.5+dfsg-2+deb8u1","jessie-security":"4.0.5+dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.5+dfsg-3","repositories":{"sid":"4.3.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7203":{"scope":"remote","description":"libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.","releases":{"buster":{"fixed_version":"4.0.5+dfsg-1","repositories":{"buster":"4.3.1-4"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.0.5+dfsg-1","repositories":{"stretch-security":"4.2.1-4+deb9u1","stretch":"4.2.1-4+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.0.5+dfsg-1","repositories":{"jessie":"4.0.5+dfsg-2+deb8u1","jessie-security":"4.0.5+dfsg-2+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.0.5+dfsg-1","repositories":{"sid":"4.3.1-4"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6250":{"debianbug":919098,"scope":"remote","description":"A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).","releases":{"buster":{"fixed_version":"4.3.1-1","repositories":{"buster":"4.3.1-4"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"4.2.1-4+deb9u1","repositories":{"stretch-security":"4.2.1-4+deb9u1","stretch":"4.2.1-4+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"4.0.5+dfsg-2+deb8u1","jessie-security":"4.0.5+dfsg-2+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"4.3.1-1","repositories":{"sid":"4.3.1-4"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3409":{"debianbug":783451,"scope":"local","description":"Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.","releases":{"buster":{"fixed_version":"0.78-1","repositories":{"buster":"0.83-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.78-1","repositories":{"stretch":"0.81-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.73-1+deb8u1","repositories":{"jessie":"0.73-1+deb8u2","jessie-security":"0.73-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.78-1","repositories":{"sid":"0.83-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3408":{"debianbug":783451,"scope":"remote","description":"Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.","releases":{"buster":{"fixed_version":"0.78-1","repositories":{"buster":"0.83-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"0.78-1","repositories":{"stretch":"0.81-1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0.73-1+deb8u1","repositories":{"jessie":"0.73-1+deb8u2","jessie-security":"0.73-1+deb8u2"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"0.78-1","repositories":{"sid":"0.83-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-2145":{"debianbug":711239,"scope":"local","description":"The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a \"special unknown cipher\" that references an untrusted module in Digest/.","releases":{"buster":{"fixed_version":"0.73-1","repositories":{"buster":"0.83-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.73-1","repositories":{"stretch":"0.81-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.73-1","repositories":{"jessie":"0.73-1+deb8u2","jessie-security":"0.73-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.73-1","repositories":{"sid":"0.83-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3407":{"debianbug":783451,"scope":"remote","description":"Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.","releases":{"buster":{"fixed_version":"0.78-1","repositories":{"buster":"0.83-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.78-1","repositories":{"stretch":"0.81-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0.73-1+deb8u1","repositories":{"jessie":"0.73-1+deb8u2","jessie-security":"0.73-1+deb8u2"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"0.78-1","repositories":{"sid":"0.83-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3406":{"debianbug":783451,"releases":{"buster":{"fixed_version":"0.78-1","repositories":{"buster":"0.83-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"0.78-1","repositories":{"stretch":"0.81-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"0.73-1+deb8u1","repositories":{"jessie":"0.73-1+deb8u2","jessie-security":"0.73-1+deb8u2"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"0.78-1","repositories":{"sid":"0.83-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2016-2390":{"scope":"remote","description":"The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.","releases":{"stretch":{"fixed_version":"3.5.14-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2016-4051":{"scope":"remote","description":"Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.","releases":{"stretch":{"fixed_version":"3.5.17-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-3205":{"debianbug":639755,"scope":"remote","description":"Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response.  NOTE: This issue exists because of a CVE-2005-0094 regression.","releases":{"stretch":{"fixed_version":"3.1.15-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.15-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-4052":{"scope":"remote","description":"Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.","releases":{"stretch":{"fixed_version":"3.5.17-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4053":{"scope":"remote","description":"Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.","releases":{"stretch":{"fixed_version":"3.5.17-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4054":{"scope":"remote","description":"Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.","releases":{"stretch":{"fixed_version":"3.5.17-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000024":{"debianbug":888719,"scope":"remote","description":"The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.","releases":{"stretch":{"fixed_version":"3.5.23-5+deb9u1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u5","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4096":{"scope":"remote","description":"The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.","releases":{"stretch":{"fixed_version":"3.1.16-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.16-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7141":{"debianbug":760999,"scope":"remote","description":"The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.","releases":{"stretch":{"fixed_version":"3.4.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-7142":{"debianbug":760999,"scope":"remote","description":"The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.","releases":{"stretch":{"fixed_version":"3.4.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4115":{"debianbug":716743,"scope":"remote","description":"Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.","releases":{"stretch":{"fixed_version":"3.3.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0881":{"scope":"remote","description":"CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.","releases":{"stretch":{"fixed_version":"3.1.1-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.1-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2951":{"debianbug":599709,"scope":"remote","description":"dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.","releases":{"stretch":{"fixed_version":"3.1.6-1.2","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.6-1.2","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-1000027":{"debianbug":888720,"scope":"remote","description":"The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.","releases":{"stretch":{"fixed_version":"3.5.23-5+deb9u1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u5","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-5643":{"debianbug":696187,"scope":"remote","description":"Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.","releases":{"stretch":{"fixed_version":"3.1.20-2.1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.20-2.1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-0639":{"debianbug":572553,"scope":"remote","description":"The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.","releases":{"stretch":{"fixed_version":"3.1.0.17-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0.17-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-3072":{"debianbug":596086,"scope":"remote","description":"The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.","releases":{"stretch":{"fixed_version":"3.1.6-1.1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.1.6-1.1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4123":{"debianbug":716743,"scope":"remote","description":"client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.","releases":{"stretch":{"fixed_version":"3.3.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-5400":{"debianbug":793128,"scope":"remote","description":"Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.","releases":{"stretch":{"fixed_version":"3.5.6-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0000000-589A35":{"releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-1172":{"scope":"remote","description":"This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.","releases":{"stretch":{"repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2010-0308":{"debianbug":575747,"scope":"remote","description":"lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.","releases":{"stretch":{"fixed_version":"3.1.0.16-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.0.16-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3609":{"debianbug":759509,"scope":"remote","description":"HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"","releases":{"stretch":{"fixed_version":"3.3.8-1.2","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.3.8-1.2","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2571":{"debianbug":816011,"scope":"remote","description":"http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.","releases":{"stretch":{"fixed_version":"3.5.15-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u2","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2572":{"scope":"remote","description":"http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-9749":{"debianbug":776464,"scope":"remote","description":"Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"","releases":{"stretch":{"fixed_version":"3.4.8-6","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4554":{"debianbug":823968,"scope":"remote","description":"mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.","releases":{"stretch":{"fixed_version":"3.5.19-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10003":{"debianbug":848491,"scope":"remote","description":"Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.","releases":{"stretch":{"fixed_version":"3.5.23-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4553":{"debianbug":823968,"scope":"remote","description":"client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.","releases":{"stretch":{"fixed_version":"3.5.19-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0478":{"debianbug":514142,"scope":"remote","description":"Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.","releases":{"stretch":{"fixed_version":"3.0.STABLE8-3","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.STABLE8-3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2016-10002":{"debianbug":848493,"scope":"remote","description":"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.","releases":{"stretch":{"fixed_version":"3.5.23-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u4","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-2855":{"debianbug":534982,"scope":"remote","description":"The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.","releases":{"stretch":{"fixed_version":"3.0.STABLE19-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.0.STABLE19-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2570":{"debianbug":816011,"scope":"remote","description":"The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.","releases":{"stretch":{"fixed_version":"3.5.15-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue, needs substantial backporting; too intrusive to backport","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-5408":{"scope":"remote","description":"Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-4556":{"debianbug":823968,"scope":"remote","description":"Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.","releases":{"stretch":{"fixed_version":"3.5.19-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-4555":{"debianbug":823968,"scope":"remote","description":"client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.","releases":{"stretch":{"fixed_version":"3.5.19-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-6270":{"debianbug":761002,"scope":"remote","description":"Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.","releases":{"stretch":{"fixed_version":"3.4.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"3.4.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-3947":{"debianbug":819783,"scope":"remote","description":"Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.","releases":{"stretch":{"fixed_version":"3.5.16-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"high**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"high**","nodsa_reason":"","status":"open"}}}}
{"CVE-2016-3948":{"debianbug":819784,"scope":"remote","description":"Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.","releases":{"stretch":{"fixed_version":"3.5.16-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.4.8-6+deb8u3","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3455":{"scope":"remote","description":"Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.","releases":{"stretch":{"fixed_version":"3.5.6-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2014-0128":{"debianbug":741312,"scope":"remote","description":"Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.","releases":{"stretch":{"fixed_version":"3.4.8-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.4.8-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-19132":{"debianbug":912294,"scope":"remote","description":"Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.","releases":{"stretch":{"nodsa":"Can be fixed along in a future DSA","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"low","nodsa_reason":"postponed","status":"open"},"jessie":{"fixed_version":"3.4.8-6+deb8u6","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19131":{"debianbug":912293,"scope":"remote","description":"Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.","releases":{"stretch":{"repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2009-0801":{"debianbug":521052,"scope":"remote","description":"Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.","releases":{"stretch":{"fixed_version":"3.3.3-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"3.3.3-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2013-0189":{"debianbug":696187,"scope":"remote","description":"cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request.  NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.","releases":{"stretch":{"fixed_version":"3.1.20-2.1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"3.1.20-2.1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-2569":{"debianbug":816011,"scope":"remote","description":"Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.","releases":{"stretch":{"fixed_version":"3.5.15-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue; needs substantial backporting; too intrusive to backport","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium**","nodsa_reason":"","status":"open"}}}}
{"CVE-2009-2621":{"debianbug":538989,"scope":"remote","description":"Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.","releases":{"stretch":{"fixed_version":"3.0.STABLE18-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.STABLE18-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-2622":{"debianbug":538989,"scope":"remote","description":"Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.","releases":{"stretch":{"fixed_version":"3.0.STABLE18-1","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"3.0.STABLE18-1","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-1839":{"scope":"remote","description":"The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header.","releases":{"stretch":{"fixed_version":"0","repositories":{"stretch-security":"3.5.23-5+deb9u1","stretch":"3.5.23-5+deb9u1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"3.4.8-6+deb8u5","jessie-security":"3.4.8-6+deb8u6"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0359745-ECBE05":{"debianbug":359745,"releases":{"buster":{"fixed_version":"2.01.10-29","repositories":{"buster":"2.23.08-3.1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"2.01.10-29","repositories":{"stretch":"2.23.08-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"2.01.10-29","repositories":{"jessie":"2.23.08-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"2.01.10-29","repositories":{"sid":"2.23.08-3.1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-16516":{"debianbug":880691,"scope":"remote","description":"In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.","releases":{"buster":{"fixed_version":"1.2.0-3.1","repositories":{"buster":"1.3.1-1"},"urgency":"low","status":"resolved"},"stretch":{"nodsa":"Minor issue","repositories":{"stretch":"1.2.0-3"},"urgency":"low","nodsa_reason":"","status":"open"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"1.2.0-2"},"urgency":"low","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"1.2.0-3.1","repositories":{"sid":"1.3.1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-10075":{"debianbug":849632,"scope":"local","description":"The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.","releases":{"buster":{"fixed_version":"4.11.2-1","repositories":{"buster":"4.28.1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.11.2-1","repositories":{"stretch":"4.11.2-1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.11.2-1","repositories":{"sid":"4.28.1-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-2704":{"debianbug":781179,"scope":"remote","description":"realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.","releases":{"buster":{"fixed_version":"0.16.0-1","repositories":{"buster":"0.16.3-2"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0.16.0-1","repositories":{"stretch":"0.16.3-1"},"urgency":"medium**","status":"resolved"},"jessie":{"nodsa":"Minor issue","repositories":{"jessie":"0.15.1-1"},"urgency":"medium**","nodsa_reason":"","status":"open"},"sid":{"fixed_version":"0.16.0-1","repositories":{"sid":"0.16.3-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-2770":{"debianbug":683288,"scope":"remote","description":"The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the \"URL of a RSS feed of the user.\"","releases":{"jessie":{"fixed_version":"0.10-2","repositories":{"jessie":"0.25-1+deb8u1","jessie-security":"0.25-1+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-5361":{"scope":"remote","description":"Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.","releases":{"jessie":{"fixed_version":"0.25-1+deb8u1","repositories":{"jessie":"0.25-1+deb8u1","jessie-security":"0.25-1+deb8u1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2008-3895":{"scope":"local","description":"LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.","releases":{"buster":{"repositories":{"buster":"1:24.2-4"},"urgency":"unimportant","status":"open"},"stretch":{"repositories":{"stretch":"1:24.2-2"},"urgency":"unimportant","status":"open"},"jessie":{"repositories":{"jessie":"1:24.1-1"},"urgency":"unimportant","status":"open"},"sid":{"repositories":{"sid":"1:24.2-4"},"urgency":"unimportant","status":"open"}}}}
{"CVE-2011-1934":{"debianbug":615103,"releases":{"buster":{"fixed_version":"23.1-2","repositories":{"buster":"1:24.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"23.1-2","repositories":{"stretch":"1:24.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"23.1-2","repositories":{"jessie":"1:24.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"23.1-2","repositories":{"sid":"1:24.2-4"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0173238-677015":{"debianbug":173238,"releases":{"buster":{"fixed_version":"1:22.4-1","repositories":{"buster":"1:24.2-4"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1:22.4-1","repositories":{"stretch":"1:24.2-2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1:22.4-1","repositories":{"jessie":"1:24.1-1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1:22.4-1","repositories":{"sid":"1:24.2-4"},"urgency":"low","status":"resolved"}}}}
{"CVE-2004-2655":{"scope":"remote","description":"rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.","releases":{"buster":{"fixed_version":"4.18-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.18-1","repositories":{"stretch":"5.36-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.18-1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.18-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0334193-23D83A":{"debianbug":334193,"releases":{"buster":{"fixed_version":"4.23-2","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"4.23-2","repositories":{"stretch":"5.36-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"4.23-2","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"4.23-2","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2003-0885":{"scope":"remote","description":"Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"4.15","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"4.15","repositories":{"stretch":"5.36-1"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"4.15","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"4.15","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"medium**","status":"resolved"}}}}
{"TEMP-0539699-BC7A2B":{"debianbug":539699,"releases":{"buster":{"fixed_version":"5.05-3+nmu1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.05-3+nmu1","repositories":{"stretch":"5.36-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.05-3+nmu1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.05-3+nmu1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-2187":{"debianbug":627382,"releases":{"buster":{"fixed_version":"5.14-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"5.14-1","repositories":{"stretch":"5.36-1"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"5.14-1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"5.14-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2007-1859":{"debianbug":433964,"scope":"local","description":"XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.","releases":{"buster":{"fixed_version":"5.03-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"5.03-1","repositories":{"stretch":"5.36-1"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"5.03-1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"5.03-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low","status":"resolved"}}}}
{"TEMP-0482385-09F6D5":{"debianbug":482385,"releases":{"buster":{"fixed_version":"5.05-3","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"5.05-3","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"5.05-3","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"5.05-3","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-1295":{"scope":"local","description":"Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors \"while verifying the user-password.\"","releases":{"buster":{"fixed_version":"4.21-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.21-1","repositories":{"stretch":"5.36-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.21-1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.21-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2010-3586":{"scope":"local","description":"Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2003-1294":{"scope":"local","description":"Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.","releases":{"buster":{"fixed_version":"4.15-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"4.15-1","repositories":{"stretch":"5.36-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"4.15-1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"4.15-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-3283":{"scope":"local","description":"GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3100":{"scope":"local","description":"xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-3101":{"scope":"local","description":"xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-8025":{"debianbug":802914,"scope":"local","description":"driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.","releases":{"buster":{"fixed_version":"5.34-1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"5.34-1","repositories":{"stretch":"5.36-1"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"5.30-1+deb8u1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"5.34-1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2007-5585":{"debianbug":448157,"scope":"remote","description":"xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.","releases":{"buster":{"fixed_version":"5.03-3.1","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"5.03-3.1","repositories":{"stretch":"5.36-1"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"5.03-3.1","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"5.03-3.1","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0000000-4E21BA":{"releases":{"buster":{"fixed_version":"0","repositories":{"buster":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch":"5.36-1"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"5.30-1+deb8u2","jessie-security":"5.30-1+deb8u1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"5.42+dfsg1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2005-0638":{"debianbug":298926,"scope":"remote","description":"xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.","releases":{"buster":{"fixed_version":"1.17.0-18","repositories":{"buster":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.17.0-18","repositories":{"stretch":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.17.0-18","repositories":{"jessie":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.17.0-18","repositories":{"sid":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-0639":{"scope":"remote","description":"Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via \"buffer management errors\" from certain image properties, some of which may be related to integer overflows in PPM files.","releases":{"buster":{"fixed_version":"1.17.0-17","repositories":{"buster":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.17.0-17","repositories":{"stretch":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.17.0-17","repositories":{"jessie":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.17.0-17","repositories":{"sid":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2005-3178":{"debianbug":332524,"scope":"remote","description":"Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.","releases":{"buster":{"fixed_version":"1.17.0-20","repositories":{"buster":"1.17.0+20061110-5"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"1.17.0-20","repositories":{"stretch":"1.17.0+20061110-4"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"1.17.0-20","repositories":{"jessie":"1.17.0+20061110-4"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"1.17.0-20","repositories":{"sid":"1.17.0+20061110-5"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2001-0775":{"scope":"remote","description":"Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.","releases":{"buster":{"fixed_version":"1.17.0-17","repositories":{"buster":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.17.0-17","repositories":{"stretch":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.17.0-17","repositories":{"jessie":"1.17.0+20061110-4"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.17.0-17","repositories":{"sid":"1.17.0+20061110-5"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2011-1921":{"scope":"remote","description":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.","releases":{"buster":{"fixed_version":"1.6.17dfsg-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.17dfsg-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.17dfsg-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.17dfsg-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2448":{"debianbug":428194,"scope":"remote","description":"Subversion 1.4.3 and earlier does not properly implement the \"partial access\" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.","releases":{"buster":{"fixed_version":"1.4.4dfsg1-1","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.4.4dfsg1-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.4.4dfsg1-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.4.4dfsg1-1","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2015-5259":{"scope":"remote","description":"Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.3-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2014-3528":{"scope":"remote","description":"Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.","releases":{"buster":{"fixed_version":"1.8.10-1","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.10-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.10-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.10-1","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-0715":{"scope":"remote","description":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.","releases":{"buster":{"fixed_version":"1.6.16dfsg-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.16dfsg-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.16dfsg-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.16dfsg-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-0032":{"debianbug":737815,"scope":"remote","description":"The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command.","releases":{"buster":{"fixed_version":"1.8.8-1","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.8.8-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.8-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.8.8-1","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2016-8734":{"scope":"remote","description":"Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.","releases":{"buster":{"fixed_version":"1.9.5-1","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.9.5-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u5","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.5-1","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2014-3522":{"scope":"remote","description":"The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.","releases":{"buster":{"fixed_version":"1.8.10-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.10-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-1438":{"scope":"local","description":"The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.","releases":{"buster":{"fixed_version":"1.0.6-1","repositories":{"buster":"1.10.4-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.0.6-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.0.6-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.0.6-1","repositories":{"sid":"1.10.4-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-4131":{"debianbug":717794,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.","releases":{"buster":{"fixed_version":"1.7.13-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.13-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.13-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.13-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2006-1564":{"debianbug":359234,"scope":"local","description":"Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.","releases":{"buster":{"fixed_version":"1.3.0-5","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.3.0-5","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.3.0-5","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.3.0-5","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2011-1783":{"scope":"remote","description":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.","releases":{"buster":{"fixed_version":"1.6.17dfsg-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.17dfsg-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.17dfsg-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.17dfsg-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0749":{"scope":"remote","description":"The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.","releases":{"buster":{"fixed_version":"1.0.9-2","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.0.9-2","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.0.9-2","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.0.9-2","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4558":{"scope":"remote","description":"The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.","releases":{"buster":{"fixed_version":"1.7.14-1","repositories":{"buster":"1.10.4-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.7.14-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.7.14-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.7.14-1","repositories":{"sid":"1.10.4-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2013-1884":{"debianbug":704940,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2014-3580":{"debianbug":773263,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.","releases":{"buster":{"fixed_version":"1.8.10-5","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-5","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-5","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.10-5","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9800":{"scope":"remote","description":"A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.","releases":{"buster":{"fixed_version":"1.9.7-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.5-1+deb9u1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u5","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.7-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-2411":{"scope":"remote","description":"Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.","releases":{"buster":{"fixed_version":"1.6.4dfsg-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.6.4dfsg-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.6.4dfsg-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.6.4dfsg-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4277":{"debianbug":721542,"scope":"local","description":"Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.","releases":{"buster":{"fixed_version":"1.7.13-1","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.7.13-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.7.13-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.7.13-1","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-2112":{"debianbug":711033,"scope":"remote","description":"The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.","releases":{"buster":{"fixed_version":"1.7.9-1+nmu2","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1+nmu2","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1+nmu2","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1+nmu2","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-0248":{"scope":"remote","description":"The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.","releases":{"buster":{"fixed_version":"1.8.10-6","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-6","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.10-6","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1968":{"debianbug":711033,"scope":"remote","description":"Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.","releases":{"buster":{"fixed_version":"1.7.9-1+nmu2","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1+nmu2","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1+nmu2","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1+nmu2","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1847":{"debianbug":704940,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-0202":{"scope":"remote","description":"The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.","releases":{"buster":{"fixed_version":"1.8.10-6","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-6","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.8.10-6","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-1849":{"debianbug":704940,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4539":{"debianbug":608989,"scope":"remote","description":"The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.","releases":{"buster":{"fixed_version":"1.6.12dfsg-4","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.12dfsg-4","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.12dfsg-4","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.12dfsg-4","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-1846":{"debianbug":704940,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-1845":{"debianbug":704940,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.","releases":{"buster":{"fixed_version":"1.7.9-1","repositories":{"buster":"1.10.4-1"},"urgency":"low**","status":"resolved"},"stretch":{"fixed_version":"1.7.9-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low**","status":"resolved"},"jessie":{"fixed_version":"1.7.9-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low**","status":"resolved"},"sid":{"fixed_version":"1.7.9-1","repositories":{"sid":"1.10.4-1"},"urgency":"low**","status":"resolved"}}}}
{"CVE-2015-0251":{"scope":"remote","description":"The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.","releases":{"buster":{"fixed_version":"1.8.10-6","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-6","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.10-6","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3187":{"scope":"remote","description":"The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.","releases":{"buster":{"fixed_version":"1.9.0-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.0-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.0-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0397":{"debianbug":249791,"scope":"remote","description":"Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.","releases":{"buster":{"fixed_version":"1.0.3-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.3-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.3-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.3-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2015-3184":{"scope":"remote","description":"mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.","releases":{"buster":{"fixed_version":"1.9.0-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.0-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.0-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2004-0413":{"scope":"remote","description":"libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.0.5-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.0.5-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.0.5-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.0.5-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2013-4262":{"scope":"local","description":"svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file.  NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.","releases":{"buster":{"fixed_version":"1.8.5-1","repositories":{"buster":"1.10.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.8.5-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.8.5-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.8.5-1","repositories":{"sid":"1.10.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2167":{"scope":"remote","description":"The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.","releases":{"buster":{"fixed_version":"1.9.4-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.4-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u4","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.4-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-1752":{"scope":"remote","description":"The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.","releases":{"buster":{"fixed_version":"1.6.17dfsg-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.6.17dfsg-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.6.17dfsg-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.6.17dfsg-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-7393":{"scope":"local","description":"The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used.  NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).","releases":{"buster":{"fixed_version":"1.8.5-1","repositories":{"buster":"1.10.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.8.5-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.8.5-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.8.5-1","repositories":{"sid":"1.10.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2014-8108":{"debianbug":773315,"scope":"remote","description":"The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.","releases":{"buster":{"fixed_version":"1.8.10-5","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.8.10-5","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-5","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.8.10-5","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-4644":{"debianbug":608989,"scope":"remote","description":"Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.","releases":{"buster":{"fixed_version":"1.6.12dfsg-3","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.12dfsg-3","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.12dfsg-3","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.12dfsg-3","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2018-11803":{"scope":"remote","description":"Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.","releases":{"buster":{"fixed_version":"1.10.4-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.10.4-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-4246":{"scope":"remote","description":"libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"1.10.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"1.10.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-2168":{"scope":"remote","description":"The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.","releases":{"buster":{"fixed_version":"1.9.4-1","repositories":{"buster":"1.10.4-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"1.9.4-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u4","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"1.9.4-1","repositories":{"sid":"1.10.4-1"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2013-2088":{"scope":"remote","description":"contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.","releases":{"buster":{"fixed_version":"1.7.5-1","repositories":{"buster":"1.10.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.7.5-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.7.5-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.7.5-1","repositories":{"sid":"1.10.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2015-5343":{"scope":"remote","description":"Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.","releases":{"buster":{"fixed_version":"1.9.3-1","repositories":{"buster":"1.10.4-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"1.9.3-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"1.8.10-6+deb8u2","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"1.9.3-1","repositories":{"sid":"1.10.4-1"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2010-3315":{"scope":"remote","description":"authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.","releases":{"buster":{"fixed_version":"1.6.12dfsg-2","repositories":{"buster":"1.10.4-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"1.6.12dfsg-2","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"1.6.12dfsg-2","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"1.6.12dfsg-2","repositories":{"sid":"1.10.4-1"},"urgency":"low","status":"resolved"}}}}
{"CVE-2013-4505":{"debianbug":730541,"scope":"remote","description":"The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.","releases":{"buster":{"fixed_version":"1.7.14-1","repositories":{"buster":"1.10.4-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"1.7.14-1","repositories":{"stretch-security":"1.9.5-1+deb9u1","stretch":"1.9.5-1+deb9u3"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"1.7.14-1","repositories":{"jessie":"1.8.10-6+deb8u6","jessie-security":"1.8.10-6+deb8u5"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"1.7.14-1","repositories":{"sid":"1.10.4-1"},"urgency":"unimportant","status":"resolved"}}}}
{"TEMP-0805657-81BB13":{"debianbug":805657,"releases":{"buster":{"fixed_version":"1.1.5-1","repositories":{"buster":"1.3.2-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"1.1.5-1","repositories":{"stretch":"1.2.0-1"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"1.1.5-1","repositories":{"sid":"1.3.2-1"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-17831":{"scope":"remote","description":"GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a \"url =\" line in a .lfsconfig file within a repository.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"2.7.1-1"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"2.7.1-1"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-3520":{"debianbug":501021,"scope":"remote","description":"Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.","releases":{"buster":{"fixed_version":"8.64~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"low","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2008-3522":{"debianbug":501021,"scope":"remote","description":"Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.","releases":{"buster":{"fixed_version":"8.64~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2008-6679":{"debianbug":524803,"scope":"remote","description":"Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.","releases":{"buster":{"fixed_version":"8.64~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2017-7207":{"debianbug":858350,"scope":"remote","description":"The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.","releases":{"buster":{"fixed_version":"9.20~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u5","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10220":{"debianbug":859694,"scope":"remote","description":"The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.","releases":{"buster":{"fixed_version":"9.20~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u5","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4897":{"scope":"remote","description":"Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.","releases":{"buster":{"fixed_version":"8.70~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.70~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.70~dfsg-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.70~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2009-3720":{"debianbug":551936,"scope":"remote","description":"The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.","releases":{"buster":{"fixed_version":"8.71~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16509":{"debianbug":907332,"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u5","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-9740":{"debianbug":869879,"scope":"remote","description":"The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9620":{"debianbug":869879,"scope":"remote","description":"The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2008-0411":{"debianbug":468190,"scope":"remote","description":"Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.","releases":{"buster":{"fixed_version":"8.61.dfsg.1-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.61.dfsg.1-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.61.dfsg.1-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.61.dfsg.1-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2010-4054":{"scope":"remote","description":"The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.","releases":{"buster":{"fixed_version":"8.71~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-1869":{"scope":"remote","description":"Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.","releases":{"buster":{"fixed_version":"8.71~dfsg-4","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg-4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg-4","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg-4","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2017-8291":{"debianbug":861295,"scope":"remote","description":"Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.","releases":{"buster":{"fixed_version":"9.20~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u5","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-3560":{"debianbug":560901,"scope":"remote","description":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","releases":{"buster":{"fixed_version":"8.71~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16543":{"debianbug":908303,"scope":"remote","description":"In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u9","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-6196":{"scope":"remote","description":"Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16863":{"scope":"remote","description":"It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16541":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16585":{"debianbug":908305,"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16542":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19477":{"scope":"remote","description":"psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u12","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19476":{"scope":"remote","description":"psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u12","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19475":{"scope":"remote","description":"psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u12","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10317":{"debianbug":860869,"scope":"remote","description":"The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.","releases":{"buster":{"fixed_version":"9.22~dfsg-2.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u7","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-2.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4875":{"scope":"remote","description":"** DISPUTED **  Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document.  NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-8602":{"debianbug":840451,"scope":"remote","description":"The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15909":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-8908":{"scope":"remote","description":"The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-15908":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0583":{"debianbug":522416,"scope":"remote","description":"Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.","releases":{"buster":{"fixed_version":"8.64~dfsg-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2019-3835":{"debianbug":925256,"scope":"remote","description":"It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.","releases":{"buster":{"fixed_version":"9.27~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26a~dfsg-0+deb9u2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.26a~dfsg-0+deb8u2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.27~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9835":{"debianbug":869907,"scope":"remote","description":"The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3839":{"scope":"local","description":"It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.28 are vulnerable.","releases":{"buster":{"fixed_version":"9.27~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"not yet assigned","status":"resolved"},"stretch":{"fixed_version":"9.26a~dfsg-0+deb9u3","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"not yet assigned","status":"resolved"},"jessie":{"fixed_version":"9.26a~dfsg-0+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"not yet assigned","status":"resolved"},"sid":{"fixed_version":"9.27~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"not yet assigned","status":"resolved"}}}}
{"CVE-2017-5951":{"debianbug":859696,"scope":"remote","description":"The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"9.20~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u5","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-3838":{"debianbug":925257,"scope":"remote","description":"It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.","releases":{"buster":{"fixed_version":"9.27~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26a~dfsg-0+deb9u2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.26a~dfsg-0+deb8u2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.27~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-0584":{"debianbug":522416,"scope":"remote","description":"icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.","releases":{"buster":{"fixed_version":"8.64~dfsg-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2013-5653":{"debianbug":839118,"scope":"remote","description":"The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"low","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-11714":{"debianbug":869977,"scope":"remote","description":"psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2015-3228":{"debianbug":793489,"scope":"remote","description":"Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.","releases":{"buster":{"fixed_version":"9.15~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.15~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.15~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16513":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16510":{"debianbug":908304,"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the \"CS\" and \"SC\" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16511":{"debianbug":907332,"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17961":{"debianbug":910678,"scope":"remote","description":"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.","releases":{"buster":{"fixed_version":"9.25~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.25~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u11","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2007-2721":{"debianbug":413033,"scope":"remote","description":"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.","releases":{"buster":{"fixed_version":"8.61.dfsg.1~svn8187-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.61.dfsg.1~svn8187-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.61.dfsg.1~svn8187-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.61.dfsg.1~svn8187-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2007-6725":{"debianbug":524803,"scope":"remote","description":"The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.","releases":{"buster":{"fixed_version":"8.63.dfsg.1-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.63.dfsg.1-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.63.dfsg.1-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.63.dfsg.1-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2011-4516":{"debianbug":652649,"scope":"remote","description":"Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.","releases":{"buster":{"fixed_version":"8.64~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-17183":{"scope":"remote","description":"Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u5","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u9","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2011-4517":{"debianbug":652649,"scope":"remote","description":"The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.","releases":{"buster":{"fixed_version":"8.64~dfsg-2","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-2","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-2","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18073":{"debianbug":910758,"scope":"remote","description":"Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.","releases":{"buster":{"fixed_version":"9.25~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.25~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u11","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2019-6116":{"scope":"remote","description":"In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.","releases":{"buster":{"fixed_version":"9.26a~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26a~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.26a~dfsg-0+deb8u1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26a~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2012-4405":{"debianbug":687274,"scope":"remote","description":"Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow.  NOTE: this issue is also described as an array index error.","releases":{"buster":{"fixed_version":"9.05~dfsg-6.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.05~dfsg-6.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.05~dfsg-6.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.05~dfsg-6.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9726":{"debianbug":869915,"scope":"remote","description":"The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9727":{"debianbug":869913,"scope":"remote","description":"The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-7948":{"scope":"remote","description":"Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2009-0792":{"debianbug":523472,"scope":"remote","description":"Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.  NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.","releases":{"buster":{"fixed_version":"8.64~dfsg-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-0196":{"debianbug":524803,"scope":"remote","description":"Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.","releases":{"buster":{"fixed_version":"8.64~dfsg-1.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.64~dfsg-1.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.64~dfsg-1.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.64~dfsg-1.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2009-3743":{"scope":"remote","description":"Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.","releases":{"buster":{"fixed_version":"8.71~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-15911":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-2055":{"debianbug":584653,"scope":"local","description":"Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.","releases":{"buster":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-16802":{"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509.","releases":{"buster":{"fixed_version":"9.25~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u5","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-15910":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2009-4270":{"debianbug":562643,"scope":"remote","description":"Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.","releases":{"buster":{"fixed_version":"8.70~dfsg-2.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.70~dfsg-2.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.70~dfsg-2.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.70~dfsg-2.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"CVE-2018-19478":{"scope":"remote","description":"In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u13","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-16540":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19134":{"scope":"remote","description":"In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u13","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10219":{"debianbug":859666,"scope":"remote","description":"The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"9.20~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u5","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-10218":{"scope":"remote","description":"The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"0","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"0","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"0","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2016-10217":{"debianbug":859662,"scope":"remote","description":"The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.","releases":{"buster":{"fixed_version":"9.20~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.20~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-18284":{"debianbug":911175,"scope":"remote","description":"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.","releases":{"buster":{"fixed_version":"9.25~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.25~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u11","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.25~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2010-1628":{"debianbug":584516,"scope":"remote","description":"Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.","releases":{"buster":{"fixed_version":"8.71~dfsg2-4","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg2-4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg2-4","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg2-4","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium","status":"resolved"}}}}
{"TEMP-0291452-29156B":{"debianbug":291452,"releases":{"buster":{"fixed_version":"8.61.dfsg.1~svn8187-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"8.61.dfsg.1~svn8187-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"8.61.dfsg.1~svn8187-1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"8.61.dfsg.1~svn8187-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9739":{"debianbug":869910,"scope":"remote","description":"The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9618":{"debianbug":869879,"scope":"remote","description":"The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2017-9619":{"debianbug":869879,"scope":"remote","description":"The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2010-4820":{"scope":"local","description":"Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.","releases":{"buster":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"8.71~dfsg2-6.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2017-9612":{"debianbug":869916,"scope":"remote","description":"The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7978":{"debianbug":839845,"scope":"remote","description":"Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7979":{"debianbug":839846,"scope":"remote","description":"Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2016-7976":{"debianbug":839260,"scope":"remote","description":"The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2018-11645":{"scope":"remote","description":"psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.","releases":{"buster":{"fixed_version":"9.21~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"low","status":"resolved"},"stretch":{"fixed_version":"9.25~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.21~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"low","status":"resolved"}}}}
{"CVE-2017-9610":{"debianbug":869879,"scope":"remote","description":"The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"unimportant","status":"resolved"},"stretch":{"fixed_version":"9.22~dfsg-1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"unimportant","status":"resolved"},"jessie":{"fixed_version":"0","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"unimportant","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"unimportant","status":"resolved"}}}}
{"CVE-2018-16539":{"debianbug":907332,"scope":"remote","description":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.","releases":{"buster":{"fixed_version":"9.22~dfsg-3","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u4","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u8","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-3","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2016-7977":{"debianbug":839841,"scope":"remote","description":"Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.","releases":{"buster":{"fixed_version":"9.19~dfsg-3.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high","status":"resolved"},"stretch":{"fixed_version":"9.19~dfsg-3.1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u3","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.19~dfsg-3.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high","status":"resolved"}}}}
{"CVE-2017-9611":{"debianbug":869917,"scope":"remote","description":"The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.","releases":{"buster":{"fixed_version":"9.22~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u6","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}
{"CVE-2018-19409":{"scope":"remote","description":"An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.","releases":{"buster":{"fixed_version":"9.26~dfsg-1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"high**","status":"resolved"},"stretch":{"fixed_version":"9.26~dfsg-0+deb9u1","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"high**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u12","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"high**","status":"resolved"},"sid":{"fixed_version":"9.26~dfsg-1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"high**","status":"resolved"}}}}
{"CVE-2018-10194":{"debianbug":896069,"scope":"remote","description":"The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.","releases":{"buster":{"fixed_version":"9.22~dfsg-2.1","repositories":{"buster":"9.27~dfsg-1"},"urgency":"medium**","status":"resolved"},"stretch":{"fixed_version":"9.20~dfsg-3.2+deb9u2","repositories":{"stretch-security":"9.26a~dfsg-0+deb9u3","stretch":"9.26a~dfsg-0+deb9u2"},"urgency":"medium**","status":"resolved"},"jessie":{"fixed_version":"9.06~dfsg-2+deb8u7","repositories":{"jessie":"9.06~dfsg-2+deb8u7","jessie-security":"9.26a~dfsg-0+deb8u3"},"urgency":"medium**","status":"resolved"},"sid":{"fixed_version":"9.22~dfsg-2.1","repositories":{"sid":"9.27~dfsg-2"},"urgency":"medium**","status":"resolved"}}}}