Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2d894a65 by security tracker role at 2018-11-10T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll
in ...)
+ TODO: check
+CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...)
+ TODO: check
+CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain
invalid ...)
+ TODO: check
CVE-2018-19147
RESERVED
CVE-2018-19146
@@ -2037,7 +2043,7 @@ CVE-2018-18286
CVE-2018-18285
RESERVED
CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a ...)
- {DLA-1552-1}
+ {DSA-4336-1 DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #911175)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
@@ -2663,7 +2669,7 @@ CVE-2018-18074 (The Requests package before 2.20.0 for
Python sends an HTTP ...)
NOTE: https://github.com/requests/requests/pull/4718
NOTE:
https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox
protection ...)
- {DLA-1552-1}
+ {DSA-4336-1 DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910758)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -2982,7 +2988,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in
pcnet_receive in hw/net/pcnet.c be
NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to
bypass a ...)
- {DLA-1552-1}
+ {DSA-4336-1 DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910678)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -18957,7 +18963,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL
and ...)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the
status ...)
- {DLA-1504-1}
+ {DSA-4336-1 DLA-1504-1}
- ghostscript 9.21~dfsg-1 (low)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
NOTE:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219
(9.21rc1)
@@ -51928,7 +51934,7 @@ CVE-2018-0362 (A vulnerability in BIOS authentication
management of Cisco 5000 S
CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check,
resulting in an ...)
{DLA-1461-1}
- clamav 0.100.1+dfsg-1
- [stretch] - clamav 0.100.1+dfsg-0+deb9u1
+ [stretch] - clamav 0.100.1+dfsg-0+deb9u1
NOTE:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a
resultant ...)
{DLA-1461-1}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d894a655bd3b43e50e429099c0deaa4ca57f66b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d894a655bd3b43e50e429099c0deaa4ca57f66b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
