[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 22 Oct 2018 13:11:22 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a8ca9604 by security tracker role at 2018-10-22T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18575
+       RESERVED
+CVE-2018-18574
+       RESERVED
+CVE-2018-18573
+       RESERVED
+CVE-2018-18572
+       RESERVED
+CVE-2018-18571
+       RESERVED
+CVE-2018-18570
+       RESERVED
+CVE-2018-18569
+       RESERVED
+CVE-2018-18568
+       RESERVED
+CVE-2018-18567
+       RESERVED
+CVE-2018-18566
+       RESERVED
+CVE-2018-18565
+       RESERVED
+CVE-2018-18564
+       RESERVED
+CVE-2018-18563
+       RESERVED
+CVE-2018-18562
+       RESERVED
+CVE-2018-18561
+       RESERVED
+CVE-2018-18560
+       RESERVED
+CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur 
due to a ...)
+       TODO: check
+CVE-2018-18558
+       RESERVED
+CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized 
JBIG into a ...)
+       TODO: check
 CVE-2018-XXXX [out of bounds memory read in MED files]
        - libopenmpt 0.3.13-1 (bug #911584)
        NOTE: 
https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/
@@ -639,6 +677,7 @@ CVE-2018-18286
 CVE-2018-18285
        RESERVED
 CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to 
bypass a ...)
+       {DLA-1552-1}
        - ghostscript 9.25~dfsg-3 (bug #911175)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
@@ -1255,7 +1294,7 @@ CVE-2018-18076
        RESERVED
 CVE-2018-18075 (WikidForum 2.20 has SQL Injection via the rpc.php 
parent_post_id or ...)
        NOT-FOR-US: WikidForum
-CVE-2018-18074 (The Requests package through 2.19.1 before 2018-09-14 for 
Python sends ...)
+CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP 
...)
        - requests <unfixed> (low; bug #910766)
        [stretch] - requests <no-dsa> (Minor issue)
        [jessie] - requests <postponed> (Minor issue)
@@ -1263,6 +1302,7 @@ CVE-2018-18074 (The Requests package through 2.19.1 
before 2018-09-14 for Python
        NOTE: https://github.com/requests/requests/pull/4718
        NOTE: 
https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
 CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox 
protection ...)
+       {DLA-1552-1}
        - ghostscript 9.25~dfsg-3 (bug #910758)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -1575,6 +1615,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in 
pcnet_receive in hw/net/pcnet.c be
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
 CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to 
bypass a ...)
+       {DLA-1552-1}
        - ghostscript 9.25~dfsg-3 (bug #910678)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
        NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -7012,10 +7053,10 @@ CVE-2018-15706
        RESERVED
 CVE-2018-15705
        RESERVED
-CVE-2018-15704
-       RESERVED
-CVE-2018-15703
-       RESERVED
+CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack 
buffer ...)
+       TODO: check
+CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple 
...)
+       TODO: check
 CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
        NOT-FOR-US: TP-Link
 CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
@@ -15749,8 +15790,8 @@ CVE-2018-12247 (An issue was discovered in mruby 1.4.1. 
There is a NULL pointer
        NOTE: Introduced by: 
https://github.com/mruby/mruby/commit/f408143c289b8017883294f13d36d43b50c8bc5d
        NOTE: Fixed by: 
https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2
        NOTE: https://github.com/mruby/mruby/issues/4036
-CVE-2018-12246
-       RESERVED
+CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is 
susceptible to a ...)
+       TODO: check
 CVE-2018-12245
        RESERVED
 CVE-2018-12244
@@ -44879,8 +44920,8 @@ CVE-2018-1852
        RESERVED
 CVE-2018-1851
        RESERVED
-CVE-2018-1850
-       RESERVED
+CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 
9.0.5.0 ...)
+       TODO: check
 CVE-2018-1849
        RESERVED
 CVE-2018-1848



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ca9604c5691ae3c488c10999ec76451d2e8cb5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ca9604c5691ae3c488c10999ec76451d2e8cb5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to