Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6071ca1b by security tracker role at 2018-08-20T20:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,73 @@ +CVE-2018-15595 + RESERVED +CVE-2018-15593 + RESERVED +CVE-2018-15592 + RESERVED +CVE-2018-15591 + RESERVED +CVE-2018-15590 + RESERVED +CVE-2018-15589 + RESERVED +CVE-2018-15588 + RESERVED +CVE-2018-15587 + RESERVED +CVE-2018-15586 + RESERVED +CVE-2018-1000657 (Rust Programming Language Rust standard library version Commit ...) + TODO: check +CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE-20: ...) + TODO: check +CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference ...) + TODO: check +CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...) + TODO: check +CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability ...) + TODO: check +CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE) ...) + TODO: check +CVE-2018-1000651 (Stroom version <5.4.5 contains a XML External Entity (XXE) ...) + TODO: check +CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection ...) + TODO: check +CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...) + TODO: check +CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...) + TODO: check +CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...) + TODO: check +CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated ...) + TODO: check +CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated ...) + TODO: check +CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External ...) + TODO: check +CVE-2018-1000643 (OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site ...) + TODO: check +CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting ...) + TODO: check +CVE-2018-1000641 (YesWiki version <= cercopitheque beta 1 contains a PHP Object ...) 
+ TODO: check +CVE-2018-1000640 (OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting ...) + TODO: check +CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE) ...) + TODO: check +CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) ...) + TODO: check +CVE-2018-1000636 (JerryScript version Tested on commit ...) + TODO: check +CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...) + TODO: check +CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...) + TODO: check +CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 ...) + TODO: check +CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...) + TODO: check +CVE-2003-1605 + RESERVED CVE-2018-15585 RESERVED CVE-2018-15584 @@ -24,7 +94,7 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in NOT-FOR-US: Reprise License Manager CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) ...) NOT-FOR-US: Reprise License Manager -CVE-2018-15594 [x86/paravirt: Fix spectre-v2 mitigations for paravirt guests] +CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles ...) - linux 4.17.15-1 NOTE: https://twitter.com/grsecurity/status/1029324426142199808 NOTE: https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd 
@@ -1322,7 +1392,7 @@ CVE-2018-14940 (PHPCMS 9 allows remote attackers to cause a denial of service (r NOT-FOR-US: PHPCMS CVE-2018-14939 (The get_app_path function in desktop/unx/source/start.c in LibreOffice ...) - libreoffice <not-affected> (Doesn't affect LibreOffice running on glibc) -CVE-2018-1000637 [Heap-based buffer overflow in zutils zcat] +CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Overflow ...) - zutils 1.7-3 (bug #902936; bug #904819) [stretch] - zutils <no-dsa> (Minor issue) [jessie] - zutils <no-dsa> (Minor issue) @@ -2972,6 +3042,7 @@ CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before NOTE: https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1 NOTE: https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416 CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with mode ...) + {DLA-1472-1} - libcgroup 0.41-8.1 (bug #906308) NOTE: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/ CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...) @@ -27827,8 +27898,8 @@ CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTER NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f CVE-2018-5245 RESERVED -CVE-2018-5243 - RESERVED +CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior to ...) + TODO: check CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...) NOT-FOR-US: Norton App Lock CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...) @@ -31932,7 +32003,7 @@ CVE-2018-3648 CVE-2018-3647 RESERVED CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4274-1} + {DSA-4279-1 DSA-4274-1} - linux 4.17.15-1 - xen <unfixed> - intel-microcode 3.20180703.1 
@@ -32010,7 +32081,7 @@ CVE-2018-3622 CVE-2018-3621 RESERVED CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and ...) - {DSA-4274-1} + {DSA-4279-1 DSA-4274-1} - linux 4.17.15-1 - xen <unfixed> - intel-microcode 3.20180703.1 @@ -218899,8 +218970,7 @@ CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as use {DSA-2327-1} - libfcgi-perl 0.73-2 (bug #607479) [lenny] - libfcgi-perl <not-affected> (Introduced in 0.70) -CVE-2011-2765 [pyro: insecure use of temporary pid file] - RESERVED +CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary directory ...) - pyro 1:3.14-1 (low; bug #631912) [lenny] - pyro <no-dsa> (Minor issue) [squeeze] - pyro <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6071ca1bae515999b8f65fbe5b44aee99458e938
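Review bot: In the @@ -1,3 +1,73 @@ hunk, "CVE-2003-1605 / RESERVED" is inserted between CVE-2018-1000632 and CVE-2018-15585, so a 2003 ID sits inside a run of 2018 IDs; if data/CVE/list is meant to stay ordered by ID, it belongs with the other CVE-2003 entries. The new CVE-2018-10006xx entries in the same hunk all carry only "TODO: check", so each still needs triage to either a package line or a NOT-FOR-US line like the ones used elsewhere in this file.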
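Review bot: In the @@ -24,7 +94,7 @@ hunk, the new description for CVE-2018-15594 says the issue affects the Linux kernel "before 4.18.1", while the unchanged package line below it records "- linux 4.17.15-1" as the fixed version. A NOTE stating how the fix reached 4.17.15 (for example, through a stable backport of the referenced commit) would keep readers from treating the two version numbers as a contradiction.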
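Review bot: In the @@ -27827,8 +27898,8 @@ hunk, CVE-2018-5243 moves from RESERVED to a description with "TODO: check", but the context lines directly below show the neighbouring Symantec entries already triaged, e.g. "NOT-FOR-US: Norton App Lock" for CVE-2018-5242. If the Symantec Encryption Management Server is likewise not packaged, the TODO can be resolved in the same style with a NOT-FOR-US line naming the product.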
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits