Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e1d5558 by security tracker role at 2018-05-23T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,25 @@
+CVE-2018-11395
+ RESERVED
+CVE-2018-11394
+ RESERVED
+CVE-2018-11393
+ RESERVED
+CVE-2018-11392
+ RESERVED
+CVE-2018-11391
+ RESERVED
+CVE-2018-11390
+ RESERVED
+CVE-2018-11389
+ RESERVED
+CVE-2018-11388
+ RESERVED
+CVE-2018-11387
+ RESERVED
+CVE-2018-11386
+ RESERVED
+CVE-2018-11385
+ RESERVED
CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers
to cause ...)
- radare2 <unfixed> (low)
[stretch] - radare2 <no-dsa> (Minor issue)
@@ -79,59 +101,50 @@ CVE-2018-11364 (sav_parse_machine_integer_info_record in
spss/readstat_sav_read.
- r-cran-haven <unfixed> (low; bug #899335)
CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a
heap-based ...)
NOT-FOR-US: PDFGen
-CVE-2018-11362
- RESERVED
+CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
LDSS ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
TODO: check, only 2.6.0 affected?
-CVE-2018-11361
- RESERVED
+CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could
crash. ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
TODO: check, only 2.6.0 affected?
-CVE-2018-11360
- RESERVED
+CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
GSM A DTAP ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
-CVE-2018-11359
- RESERVED
+CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
RRC ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
-CVE-2018-11358
- RESERVED
+CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
Q.931 ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
-CVE-2018-11357
- RESERVED
+CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
LTP ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
-CVE-2018-11356
- RESERVED
+CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
DNS ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-29.html
-CVE-2018-11355
- RESERVED
+CVE-2018-11355 (In Wireshark 2.6.0, the RTCP dissector could crash. This was
addressed ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99d27a5fd2c540f837154aca3b3647f5ccfa0c33
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-27.html
TODO: check, only 2.6.0 affected?
-CVE-2018-11354
- RESERVED
+CVE-2018-11354 (In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash.
This was ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb517a4a434387e74a2f75ebb106ee3c3893251c
@@ -3195,18 +3208,15 @@ CVE-2018-1000169 (An exposure of sensitive information
vulnerability exists in J
- jenkins <removed>
CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a
...)
NOT-FOR-US: joyplus-cms
-CVE-2018-10095 [XSS Injection vulnerability]
- RESERVED
+CVE-2018-10095 (Cross-site scripting (XSS) vulnerability in Dolibarr before
7.0.2 ...)
- dolibarr <removed>
[jessie] - dolibarr <ignored> (Scheduled for removal)
-CVE-2018-10094 [SQL Injection vulnerability]
- RESERVED
+CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows
remote ...)
- dolibarr <removed>
[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-10093
RESERVED
-CVE-2018-10092 [admin panel authenticated Remote Code Execution]
- RESERVED
+CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote
attackers ...)
- dolibarr <removed>
[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-10091
@@ -5722,8 +5732,8 @@ CVE-2017-18248 (The add_job function in scheduler/ipp.c
in CUPS before 2.2.6, wh
NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows
XSS via ...)
NOT-FOR-US: Wordpress plugin
-CVE-2018-9019
- RESERVED
+CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2
allows ...)
+ TODO: check
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the
ReadMNGImage ...)
{DLA-1322-1}
- graphicsmagick 1.3.28-2 (bug #894396)
@@ -38385,43 +38395,43 @@ CVE-2017-14796 (The hevc_write_frame function in
libbpg.c in libbpg 0.9.7 allows
CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7
allows remote ...)
NOT-FOR-US: libbpg
CVE-2017-14794
- RESERVED
+ REJECTED
CVE-2017-14793
- RESERVED
+ REJECTED
CVE-2017-14792
- RESERVED
+ REJECTED
CVE-2017-14791
- RESERVED
+ REJECTED
CVE-2017-14790
- RESERVED
+ REJECTED
CVE-2017-14789
- RESERVED
+ REJECTED
CVE-2017-14788
- RESERVED
+ REJECTED
CVE-2017-14787
- RESERVED
+ REJECTED
CVE-2017-14786
- RESERVED
+ REJECTED
CVE-2017-14785
- RESERVED
+ REJECTED
CVE-2017-14784
- RESERVED
+ REJECTED
CVE-2017-14783
- RESERVED
+ REJECTED
CVE-2017-14782
- RESERVED
+ REJECTED
CVE-2017-14781
- RESERVED
+ REJECTED
CVE-2017-14780
- RESERVED
+ REJECTED
CVE-2017-14779
- RESERVED
+ REJECTED
CVE-2017-14778
- RESERVED
+ REJECTED
CVE-2017-14777
- RESERVED
+ REJECTED
CVE-2017-14776
- RESERVED
+ REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token
verification ...)
NOT-FOR-US: Laravel
CVE-2017-14774
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e1d5558643554e8fec48e54cdc1ba170be59a73
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5e1d5558643554e8fec48e54cdc1ba170be59a73
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
