Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6071ca1b by security tracker role at 2018-08-20T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,73 @@
+CVE-2018-15595
+       RESERVED
+CVE-2018-15593
+       RESERVED
+CVE-2018-15592
+       RESERVED
+CVE-2018-15591
+       RESERVED
+CVE-2018-15590
+       RESERVED
+CVE-2018-15589
+       RESERVED
+CVE-2018-15588
+       RESERVED
+CVE-2018-15587
+       RESERVED
+CVE-2018-15586
+       RESERVED
+CVE-2018-1000657 (Rust Programming Language Rust standard library version 
Commit ...)
+       TODO: check
+CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a 
CWE-20: ...)
+       TODO: check
+CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer 
Dereference ...)
+       TODO: check
+CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, 
libtasn1-4.12 ...)
+       TODO: check
+CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection 
vulnerability ...)
+       TODO: check
+CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity 
(XXE) ...)
+       TODO: check
+CVE-2018-1000651 (Stroom version <5.4.5 contains a XML External Entity 
(XXE) ...)
+       TODO: check
+CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL 
Injection ...)
+       TODO: check
+CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a 
Authenticated ...)
+       TODO: check
+CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a 
Authenticated ...)
+       TODO: check
+CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a 
Authenticated ...)
+       TODO: check
+CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an 
Authenticated ...)
+       TODO: check
+CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an 
Authenticated ...)
+       TODO: check
+CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML 
External ...)
+       TODO: check
+CVE-2018-1000643 (OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a 
Cross Site ...)
+       TODO: check
+CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site 
Scripting ...)
+       TODO: check
+CVE-2018-1000641 (YesWiki version <= cercopitheque beta 1 contains a PHP 
Object ...)
+       TODO: check
+CVE-2018-1000640 (OpenCart-Overclocked version <=1.11.1 contains a Cross 
Site Scripting ...)
+       TODO: check
+CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity 
(XXE) ...)
+       TODO: check
+CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) 
...)
+       TODO: check
+CVE-2018-1000636 (JerryScript version Tested on commit ...)
+       TODO: check
+CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 
to 5.4.6 ...)
+       TODO: check
+CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 
to 5.4.6 ...)
+       TODO: check
+CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 
5.4.7 ...)
+       TODO: check
+CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML 
Injection ...)
+       TODO: check
+CVE-2003-1605
+       RESERVED
 CVE-2018-15585
        RESERVED
 CVE-2018-15584
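Review bot: The 25 CVE-2018-10006xx entries added at the top of this hunk carry only "TODO: check", so none of them has a package line or a NOT-FOR-US disposition yet. Entries whose descriptions name flask, GNU Libtasn1, dom4j or the Rust standard library should be triaged first, since those read like software a distribution ships. Separately, CVE-2003-1605 is inserted between CVE-2018-1000632 and CVE-2018-15585; if the list is meant to stay grouped by year, it belongs with the other 2003 ids.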
@@ -24,7 +94,7 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered in the 
license editor in 
        NOT-FOR-US: Reprise License Manager
 CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License 
Manager (RLM) ...)
        NOT-FOR-US: Reprise License Manager
-CVE-2018-15594 [x86/paravirt: Fix spectre-v2 mitigations for paravirt guests]
+CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 
mishandles ...)
        - linux 4.17.15-1
        NOTE: https://twitter.com/grsecurity/status/1029324426142199808
        NOTE: 
https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
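Review bot: On the CVE-2018-15594 line, the replaced bracketed title named the spectre-v2 mitigations for paravirt guests, while the new description is cut at "mishandles ..." and no longer says what is affected. Consider keeping that summary in a NOTE line next to the existing kernel.org commit link so the entry stays readable without following the links.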
@@ -1322,7 +1392,7 @@ CVE-2018-14940 (PHPCMS 9 allows remote attackers to cause 
a denial of service (r
        NOT-FOR-US: PHPCMS
 CVE-2018-14939 (The get_app_path function in desktop/unx/source/start.c in 
LibreOffice ...)
        - libreoffice <not-affected> (Doesn't affect LibreOffice running on 
glibc)
-CVE-2018-1000637 [Heap-based buffer overflow in zutils zcat]
+CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer 
Overflow ...)
        - zutils 1.7-3 (bug #902936; bug #904819)
        [stretch] - zutils <no-dsa> (Minor issue)
        [jessie] - zutils <no-dsa> (Minor issue)
@@ -2972,6 +3042,7 @@ CVE-2018-14349 (An issue was discovered in Mutt before 
1.10.1 and NeoMutt before
        NOTE: 
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
 CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with 
mode ...)
+       {DLA-1472-1}
        - libcgroup 0.41-8.1 (bug #906308)
        NOTE: 
https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
 CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop 
vulnerability in ...)
@@ -27827,8 +27898,8 @@ CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are 
memory leaks in ReadPATTER
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
 CVE-2018-5245
        RESERVED
-CVE-2018-5243
-       RESERVED
+CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior 
to ...)
+       TODO: check
 CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible 
to a ...)
        NOT-FOR-US: Norton App Lock
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 
6.5, ...)
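Review bot: CVE-2018-5243 moves from RESERVED to "TODO: check" without a disposition. The description names the Symantec Encryption Management Server product, and the neighbouring entry CVE-2018-5242 is marked "NOT-FOR-US: Norton App Lock"; if the same applies here, replace the TODO with a NOT-FOR-US line rather than leaving it open.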
@@ -31932,7 +32003,7 @@ CVE-2018-3648
 CVE-2018-3647
        RESERVED
 CVE-2018-3646 (Systems with microprocessors utilizing speculative execution 
and ...)
-       {DSA-4274-1}
+       {DSA-4279-1 DSA-4274-1}
        - linux 4.17.15-1
        - xen <unfixed>
        - intel-microcode 3.20180703.1
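Review bot: Under CVE-2018-3646 the cross-reference becomes {DSA-4279-1 DSA-4274-1}, but the "- xen <unfixed>" line below it is left untouched; confirm that status is still accurate now that a second advisory is attached. The next hunk makes the identical change to CVE-2018-3620 and the same question applies there.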
@@ -32010,7 +32081,7 @@ CVE-2018-3622
 CVE-2018-3621
        RESERVED
 CVE-2018-3620 (Systems with microprocessors utilizing speculative execution 
and ...)
-       {DSA-4274-1}
+       {DSA-4279-1 DSA-4274-1}
        - linux 4.17.15-1
        - xen <unfixed>
        - intel-microcode 3.20180703.1
@@ -218899,8 +218970,7 @@ CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 
through 0.73 for Perl, as use
        {DSA-2327-1}
        - libfcgi-perl 0.73-2 (bug #607479)
        [lenny] - libfcgi-perl <not-affected> (Introduced in 0.70)
-CVE-2011-2765 [pyro: insecure use of temporary pid file]
-       RESERVED
+CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary 
directory ...)
        - pyro 1:3.14-1 (low; bug #631912)
        [lenny] - pyro <no-dsa> (Minor issue)
        [squeeze] - pyro <no-dsa> (Minor issue)
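Review bot: For CVE-2011-2765 the new description says "pyro before 3.15", while the package line kept as context records the fix in 1:3.14-1 (bug #631912). If the fix was applied as a Debian patch on 3.14, a NOTE saying so would explain the difference; otherwise the fixed version should be rechecked.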



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6071ca1bae515999b8f65fbe5b44aee99458e938
