[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 05 Nov 2018 00:11:05 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a8ea0d18 by security tracker role at 2018-11-05T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,34 @@
-CVE-2018-18928 [integer-overflow in 
icu_63::number::impl::DecimalQuantity::toScientificString()]
+CVE-2018-18943
+       RESERVED
+CVE-2018-18942
+       RESERVED
+CVE-2018-18941
+       RESERVED
+CVE-2018-18940
+       RESERVED
+CVE-2018-18939
+       RESERVED
+CVE-2018-18938
+       RESERVED
+CVE-2018-18937
+       RESERVED
+CVE-2018-18936
+       RESERVED
+CVE-2018-18935
+       RESERVED
+CVE-2018-18934
+       RESERVED
+CVE-2018-18933
+       RESERVED
+CVE-2018-18932
+       RESERVED
+CVE-2018-18931
+       RESERVED
+CVE-2018-18930
+       RESERVED
+CVE-2018-18929
+       RESERVED
+CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has 
an ...)
        - icu <unfixed>
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059
        NOTE: Fixed by: 
https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
@@ -231,6 +261,7 @@ CVE-2018-18821
        RESERVED
 CVE-2018-18820 [buffer overflow in url-auth]
        RESERVED
+       {DSA-4333-1}
        - icecast2 2.4.4-1 (bug #912611)
        NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
        NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
@@ -32306,6 +32337,7 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and 
including 3.5 CR6 has a ...
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
stored ...)
        NOT-FOR-US: CA API Developer Portal
 CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized 
value bugs ...)
+       {DSA-4334-1}
        - mupdf 1.13.0+ds1-1
        [jessie] - mupdf <not-affected> (vulnerable code not present)
        [wheezy] - mupdf <not-affected> (vulnerable code not present)
@@ -32334,6 +32366,7 @@ CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack 
buffer overflow in functi
        NOTE: 
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
        NOTE: 
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
 CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions 
in the PDF ...)
+       {DSA-4334-1}
        - mupdf 1.13.0+ds1-1
        [jessie] - mupdf <not-affected> (vulnerable code not present)
        [wheezy] - mupdf <not-affected> (vulnerable code not present)
@@ -33562,6 +33595,7 @@ CVE-2018-6194 (A cross-site scripting (XSS) 
vulnerability in ...)
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
        NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
+       {DSA-4334-1}
        - mupdf 1.13.0+ds1-1 (bug #888487)
        [jessie] - mupdf <no-dsa> (Minor issue)
        [wheezy] - mupdf <no-dsa> (Minor issue)
@@ -33607,6 +33641,7 @@ CVE-2018-6188 
(django.contrib.auth.forms.AuthenticationForm in Django 2.0 before
        [wheezy] - python-django <not-affected> (Issue introduced in 1.11.8 and 
2.0)
        NOTE: 
https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
 CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow 
...)
+       {DSA-4334-1}
        - mupdf 1.13.0+ds1-1 (bug #888464)
        [jessie] - mupdf <no-dsa> (Minor issue)
        [wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
@@ -35562,6 +35597,7 @@ CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd 
parameter to the displayHe
 CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings 
under ...)
        NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and 
...)
+       {DSA-4334-1}
        - mupdf 1.13.0+ds1-1 (bug #887130)
        [jessie] - mupdf <no-dsa> (Minor issue)
        [wheezy] - mupdf <no-dsa> (Minor issue)
@@ -41339,6 +41375,7 @@ CVE-2017-17868 (In Liferay Portal 6.1.0, the tags 
section has XSS via a Public R
 CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote 
authenticated users ...)
        NOT-FOR-US: Inteno iopsys
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles 
certain ...)
+       {DSA-4334-1}
        - mupdf 1.12.0+ds1-1 (bug #885120)
        [jessie] - mupdf <no-dsa> (Minor issue)
        [wheezy] - mupdf <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ea0d1888ff58b3629465aaf3b06e9204fa0f88

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ea0d1888ff58b3629465aaf3b06e9204fa0f88
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to