Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0152ff51 by security tracker role at 2018-09-13T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS 
GT-AC5300 ...)
+       TODO: check
+CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router 
through ...)
+       TODO: check
+CVE-2018-17021 (Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 
devices with ...)
+       TODO: check
+CVE-2018-17020 (ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 
allow ...)
+       TODO: check
+CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names 
command ...)
+       TODO: check
+CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17017 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17016 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17015 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17014 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17013 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17012 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17011 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17010 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17009 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17008 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17007 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17006 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
+       TODO: check
+CVE-2018-17003
+       RESERVED
+CVE-2018-17002
+       RESERVED
+CVE-2018-17001
+       RESERVED
+CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at 
tif_unix.c ...)
+       TODO: check
+CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write 
...)
+       TODO: check
+CVE-2018-16998
+       RESERVED
+CVE-2018-16997
+       RESERVED
+CVE-2018-16996
+       RESERVED
+CVE-2018-16995
+       RESERVED
+CVE-2018-16994
+       RESERVED
+CVE-2018-16993
+       RESERVED
+CVE-2018-16992
+       RESERVED
+CVE-2018-16991
+       RESERVED
+CVE-2018-16990
+       RESERVED
+CVE-2018-16989
+       RESERVED
+CVE-2018-16988
+       RESERVED
+CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of 
external ...)
+       TODO: check
+CVE-2018-16986
+       RESERVED
+CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address 
was ...)
+       TODO: check
+CVE-2018-16984
+       RESERVED
 CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x 
and other ...)
        - mozilla-noscript <unfixed> (unimportant)
        NOTE: This is not a security issue in NoScript by itself
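
Review bot: every entry added at the top of data/CVE/list is left at "TODO: check", so nothing in this block is triaged yet. The ASUS GT-AC5300 and TP-Link TL-WR886N router-firmware entries (CVE-2018-17004 through CVE-2018-17018 and CVE-2018-17020 through CVE-2018-17023) look like candidates for a NOT-FOR-US line in the style of the existing "NOT-FOR-US: PotPlayer" entry. CVE-2018-17019 (Bro), CVE-2018-17000 (_TIFFmemcmp at tif_unix.c), CVE-2018-16999 (NASM) and CVE-2018-16985 (Lizard) name software that should be checked against the archive and given a package line before the TODO is dropped.
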
@@ -408,8 +488,8 @@ CVE-2018-16798
        RESERVED
 CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 
1.7.8556 ...)
        NOT-FOR-US: PotPlayer
-CVE-2018-16796
-       RESERVED
+CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of 
Files ...)
+       TODO: check
 CVE-2018-16795
        RESERVED
 CVE-2018-16794
@@ -417,6 +497,7 @@ CVE-2018-16794
 CVE-2018-16793
        RESERVED
 CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. 
Incorrect ...)
+       {DLA-1504-1}
        - ghostscript <unfixed>
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
@@ -521,34 +602,29 @@ CVE-2018-16747
        RESERVED
 CVE-2018-16746
        RESERVED
-CVE-2018-16745 [buffer overflow in faxrec]
-       RESERVED
+CVE-2018-16745 (An issue was discovered in mgetty before 1.2.1. In 
fax_notify_mail() ...)
        - mgetty <unfixed>
        [stretch] - mgetty <no-dsa> (Minor issue)
        [jessie] - mgetty <no-dsa> (Minor issue)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
        NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
-CVE-2018-16744 [command injection in faxrec.c]
-       RESERVED
+CVE-2018-16744 (An issue was discovered in mgetty before 1.2.1. In 
fax_notify_mail() ...)
        - mgetty <unfixed>
        [stretch] - mgetty <no-dsa> (Minor issue)
        [jessie] - mgetty <no-dsa> (Minor issue)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
        NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
-CVE-2018-16743 [stack-based buffer overflow with long username in 
contrib/next-login/login.c]
-       RESERVED
+CVE-2018-16743 (An issue was discovered in mgetty before 1.2.1. In ...)
        - mgetty <unfixed> (unimportant)
        NOTE: contrib/next-login/ not built in Debian packaging
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
        NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)
-CVE-2018-16742 [stack-based buffer overflow with long arguments in 
contrib/scrts.c]
-       RESERVED
+CVE-2018-16742 (An issue was discovered in mgetty before 1.2.1. In 
contrib/scrts.c, a ...)
        - mgetty <unfixed> (unimportant)
        NOTE: contrib/scrts not built in Debian packaging
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
        NOTE: Upstream removed contrib/scrts in 
7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
-CVE-2018-16741 [shell injection via faxq-helper]
-       RESERVED
+CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In 
fax/faxq-helper.c, ...)
        {DSA-4291-1 DLA-1502-1}
        - mgetty <unfixed>
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
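
Review bot: replacing the bracketed working titles with the truncated descriptions removes the only text that told these entries apart. CVE-2018-16745 and CVE-2018-16744 now both read "An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() ...", where they previously read "buffer overflow in faxrec" and "command injection in faxrec.c". Consider carrying each old title into a NOTE: line on the five mgetty entries so the bug class stays visible in the list without following the x41-2018-007 advisory link.
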
@@ -2518,25 +2594,26 @@ CVE-2018-15919 (Remotely observable behaviour in 
auth-gss2.c in OpenSSH through
        [jessie] - openssh <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
 CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able 
to supply ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
        NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
        NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type 
confusion using ...)
+       {DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
        NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are 
able to ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
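
Review bot: CVE-2018-15909 gains only {DLA-1504-1}, while CVE-2018-15911, CVE-2018-15910 and CVE-2018-15908 in the same hunk carry {DSA-4288-1 DLA-1504-1}, and all four share the line "- ghostscript 9.22~dfsg-3 (bug #907332)". Confirm whether the absence of DSA-4288-1 on CVE-2018-15909 is intended, or whether the DSA cross-reference for that entry needs updating as well.
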
@@ -2623,22 +2700,22 @@ CVE-2018-16543 (In Artifex Ghostscript before 9.24, 
gssetresolution and gsgetres
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
 CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
 CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
 CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
 CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
@@ -2647,12 +2724,12 @@ CVE-2018-16539 (In Artifex Ghostscript before 9.24, 
attackers able to supply cra
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
        NOTE: Cf. https://bugs.debian.org/908300
 CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply 
crafted ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
 CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A 
type ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript 9.22~dfsg-3 (bug #907332)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
@@ -2663,6 +2740,7 @@ CVE-2018-16510 (An issue was discovered in Artifex 
Ghostscript before 9.24. Inco
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. 
Incorrect ...)
+       {DLA-1504-1}
        - ghostscript <unfixed> (bug #907332; bug #907703)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
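
Review bot: CVE-2018-16509 now carries {DLA-1504-1}, but the entry stays at "- ghostscript <unfixed> (bug #907332; bug #907703)" and lists two upstream commits. Confirm that the DLA upload includes both commits, and add a NOTE: line if it covers only part of the fix, so the tag is not read as full coverage.
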
@@ -2671,7 +2749,7 @@ CVE-2018-16509 (An issue was discovered in Artifex 
Ghostscript before 9.24. Inco
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
        NOTE: Partially fixed in 9.22~dfsg-3, see #907703
 CVE-2018-16585 (An issue was discovered in Artifex Ghostscript before 9.24. 
The ...)
-       {DSA-4288-1}
+       {DSA-4288-1 DLA-1504-1}
        - ghostscript <unfixed> (bug #908305)
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
@@ -4015,8 +4093,8 @@ CVE-2018-15312
        RESERVED
 CVE-2018-15311
        RESERVED
-CVE-2018-15310
-       RESERVED
+CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
+       TODO: check
 CVE-2018-XXXX [libykneomgr memory corruption]
        - libykneomgr <unfixed> (low; bug #906138)
        [stretch] - libykneomgr <no-dsa> (Minor issue)
@@ -13273,6 +13351,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL 
and ...)
        NOTE: Not covered by security support
        NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
 CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the 
status ...)
+       {DLA-1504-1}
        - ghostscript 9.21~dfsg-1 (low)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219
 (9.21rc1)
@@ -30732,16 +30811,16 @@ CVE-2015-9247 (An issue was discovered in Skybox 
Platform before 7.5.401. Reflec
        NOT-FOR-US: Skybox Platform
 CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.201. 
Remote ...)
        NOT-FOR-US: Skybox Platform
-CVE-2018-5549
-       RESERVED
-CVE-2018-5548
-       RESERVED
+CVE-2018-5549 (On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and ...)
+       TODO: check
+CVE-2018-5548 (On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used 
for ...)
+       TODO: check
 CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior 
to ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM 
client prior ...)
        NOT-FOR-US: F5 BIG-IP
-CVE-2018-5545
-       RESERVED
+CVE-2018-5545 (On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, 
authenticated ...)
+       TODO: check
 CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders 
certain ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2018-5543 (The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 
(k8s-bigip-crtl) ...)
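
Review bot: CVE-2018-5549, CVE-2018-5548 and CVE-2018-5545 move from RESERVED to "TODO: check", although the neighbouring F5 entries CVE-2018-5547, CVE-2018-5546 and CVE-2018-5544 are already marked "NOT-FOR-US: F5 BIG-IP". The two BIG-IP APM entries can take the same line. CVE-2018-5545 names F5 WebSafe Alert Server rather than BIG-IP, so its NOT-FOR-US text should name that product instead of reusing the neighbours' wording.
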
@@ -40959,8 +41038,8 @@ CVE-2018-1700
        RESERVED
 CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to 
SQL ...)
        NOT-FOR-US: IBM
-CVE-2018-1698
-       RESERVED
+CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an 
...)
+       TODO: check
 CVE-2018-1697
        RESERVED
 CVE-2018-1696
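
Review bot: CVE-2018-1698 is now described as an IBM Maximo Asset Management issue but is left at "TODO: check", while the adjacent CVE-2018-1699 for the same product is already "NOT-FOR-US: IBM". Marking CVE-2018-1698 the same way would keep the two entries consistent and take it out of the triage queue.
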
@@ -42369,8 +42448,8 @@ CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 
1.2.1 and earlier, and ve
        NOT-FOR-US: Apache Storm
 CVE-2018-1331 (In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 
1.1.0 ...)
        NOT-FOR-US: Apache Storm
-CVE-2018-1330
-       RESERVED
+CVE-2018-1330 (When parsing a malformed JSON payload, libprocess in Apache 
Mesos ...)
+       TODO: check
 CVE-2018-1329
        REJECTED
 CVE-2018-1328



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0152ff51e58ee2deb4dcd6f2955c81fa1ddeba97

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
