Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2f28585 by security tracker role at 2018-11-12T20:10:20Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,50 @@ -CVE-2018-19207 +CVE-2018-19219 (In LibSaas 3.5-stable, there is an illegal address access at ...) + TODO: check +CVE-2018-19218 (In LibSaas 3.5-stable, there is an illegal address access at ...) + TODO: check +CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function ...) + TODO: check +CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...) + TODO: check +CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...) + TODO: check +CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...) + TODO: check +CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may ...) + TODO: check +CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...) + TODO: check +CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...) + TODO: check +CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...) + TODO: check +CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the ...) + TODO: check +CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function ...) + TODO: check +CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...) + TODO: check +CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...) + TODO: check +CVE-2018-19202 + RESERVED +CVE-2018-19201 + RESERVED +CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows ...) + TODO: check +CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...) + TODO: check +CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...) + TODO: check +CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before ...) 
NOT-FOR-US: WordPress plugin wp-gdpr-compliance -CVE-2018-19206 [XSS via crafted use of <svg><style>] +CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...) - roundcube 1.3.8+dfsg.1-1 NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released NOTE: https://github.com/roundcube/roundcubemail/issues/6410 NOTE: https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3) NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master) -CVE-2018-19205 [mishandles GnuPG MDC integrity-protection warnings] +CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection ...) - roundcube 1.3.8+dfsg.1-1 NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released NOTE: https://github.com/roundcube/roundcubemail/issues/6289 @@ -5732,6 +5770,7 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer o CVE-2018-16838 RESERVED CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...) + {DLA-1576-1} - ansible 2.7.1+dfsg-1 (bug #912297) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642 NOTE: https://github.com/ansible/ansible/pull/47436 @@ -9602,7 +9641,7 @@ CVE-2018-XXXX [libykneomgr memory corruption] [jessie] - libykneomgr <no-dsa> (Minor issue) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/ CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxenstored ...) - {DSA-4274-1} + {DSA-4274-1 DLA-1577-1} - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant) NOTE: https://xenbits.xen.org/xsa/advisory-272.html CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...) 
@@ -9617,7 +9656,7 @@ CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR [jessie] - xen <not-affected> (Only affects 4.6 and later) NOTE: https://xenbits.xen.org/xsa/advisory-269.html CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never properly ...) - {DSA-4274-1} + {DSA-4274-1 DLA-1577-1} - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 NOTE: https://xenbits.xen.org/xsa/advisory-268.html CVE-2018-15309 @@ -15514,7 +15553,7 @@ CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary CVE-2018-12894 RESERVED CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in ...) - {DSA-4236-1} + {DSA-4236-1 DLA-1577-1} - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 NOTE: https://xenbits.xen.org/xsa/advisory-265.html CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...) @@ -15523,7 +15562,7 @@ CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails t [jessie] - xen <not-affected> (Issue introduced in 4.7) NOTE: https://xenbits.xen.org/xsa/advisory-266.html CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU ...) - {DSA-4236-1} + {DSA-4236-1 DLA-1577-1} - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 NOTE: https://xenbits.xen.org/xsa/advisory-264.html CVE-2018-12890 @@ -17028,7 +17067,7 @@ CVE-2018-12394 RESERVED CVE-2018-12393 RESERVED - {DSA-4337-1 DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 @@ -17037,7 +17076,7 @@ CVE-2018-12393 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393 CVE-2018-12392 RESERVED - {DSA-4337-1 DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 
@@ -17054,7 +17093,7 @@ CVE-2018-12391 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391 CVE-2018-12390 RESERVED - {DSA-4337-1 DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - firefox 63.0-1 - thunderbird 1:60.3.0-1 @@ -17063,7 +17102,7 @@ CVE-2018-12390 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390 CVE-2018-12389 RESERVED - {DSA-4337-1 DSA-4324-1 DLA-1571-1} + {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1} - firefox-esr 60.3.0esr-1 - thunderbird 1:60.3.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389 @@ -17083,7 +17122,7 @@ CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to - firefox-esr 60.2.2esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386 CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...) - {DSA-4327-1 DSA-4304-1} + {DSA-4327-1 DSA-4304-1 DLA-1575-1} - firefox 62.0.2-1 - firefox-esr 60.2.1esr-1 - thunderbird 1:60.2.1-1 @@ -17100,7 +17139,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089 CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a ...) - {DSA-4327-1 DSA-4304-1} + {DSA-4327-1 DSA-4304-1 DLA-1575-1} - firefox 62.0-1 - firefox-esr 60.2.1esr-1 - thunderbird 1:60.2.1-1 @@ -17118,7 +17157,7 @@ CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the CVE-2018-12380 RESERVED CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...) - {DSA-4327-1} + {DSA-4327-1 DLA-1575-1} - firefox 62.0-1 (unimportant) - firefox-esr 60.2.0esr-1 (unimportant) [stretch] - firefox-esr 60.2.0esr-1~deb9u2 
@@ -17127,7 +17166,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379 CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is ...) - {DSA-4327-1 DSA-4287-1} + {DSA-4327-1 DSA-4287-1 DLA-1575-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 @@ -17135,7 +17174,7 @@ CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378 CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ...) - {DSA-4327-1 DSA-4287-1} + {DSA-4327-1 DSA-4287-1 DLA-1575-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 @@ -17143,7 +17182,7 @@ CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver tim NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377 CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...) - {DSA-4327-1 DSA-4287-1} + {DSA-4327-1 DSA-4287-1 DLA-1575-1} - firefox 62.0-1 - firefox-esr 60.2.0esr-1 - thunderbird 1:60.2.1-1 @@ -17167,7 +17206,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an att NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372 CVE-2018-12371 RESERVED - {DSA-4295-1} + {DSA-4295-1 DLA-1575-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371 
@@ -17186,7 +17225,7 @@ CVE-2018-12368 (Windows 10 does not warn users before opening executable files w NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368 CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or precision ...) - {DSA-4295-1} + {DSA-4295-1 DLA-1575-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367 @@ -17232,7 +17271,7 @@ CVE-2018-12362 (An integer overflow can occur during graphics operations done by NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362 CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while ...) - {DSA-4295-1} + {DSA-4295-1 DLA-1575-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361 @@ -26364,7 +26403,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2. CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...) NOT-FOR-US: D-Link CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...) - {DSA-4201-1 DSA-4196-1 DLA-1392-1 DLA-1383-1} + {DSA-4201-1 DSA-4196-1 DLA-1577-1 DLA-1392-1 DLA-1383-1} - linux 4.15.17-1 NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7) - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 
@@ -30010,11 +30049,11 @@ CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 [wheezy] - xen <not-affected> (Vulnerable code introduced later) NOTE: https://xenbits.xen.org/xsa/advisory-256.html CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...) - {DSA-4131-1 DLA-1300-1} + {DSA-4131-1 DLA-1577-1 DLA-1300-1} - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 NOTE: https://xenbits.xen.org/xsa/advisory-255.html CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...) - {DSA-4131-1 DLA-1300-1} + {DSA-4131-1 DLA-1577-1 DLA-1300-1} - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 NOTE: https://xenbits.xen.org/xsa/advisory-252.html CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp ...) @@ -37561,7 +37600,7 @@ CVE-2018-5188 (Memory safety bugs present in Firefox 60, Firefox ESR 60, and Fir NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188 CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of ...) - {DSA-4295-1} + {DSA-4295-1 DLA-1575-1} - firefox 61.0-1 - thunderbird 1:60.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187 @@ -37689,7 +37728,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157 CVE-2018-5156 (A vulnerability can occur when capturing a media stream when the media ...) - {DSA-4295-1 DSA-4235-1 DLA-1406-1} + {DSA-4295-1 DSA-4235-1 DLA-1575-1 DLA-1406-1} - firefox-esr 52.9.0esr-1 - firefox 61.0-1 - thunderbird 1:60.0-1 
@@ -46631,8 +46670,8 @@ CVE-2018-1886 RESERVED CVE-2018-1885 RESERVED -CVE-2018-1884 - RESERVED +CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and ...) + TODO: check CVE-2018-1883 RESERVED CVE-2018-1882 @@ -46803,8 +46842,8 @@ CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 NOT-FOR-US: IBM CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM -CVE-2018-1798 - RESERVED +CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2018-1797 RESERVED CVE-2018-1796 @@ -46827,8 +46866,8 @@ CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly ... NOT-FOR-US: IBM CVE-2018-1787 RESERVED -CVE-2018-1786 - RESERVED +CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...) + TODO: check CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ...) NOT-FOR-US: IBM CVE-2018-1784 @@ -54374,7 +54413,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 all CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...) NOT-FOR-US: Zoho CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) - {DSA-4327-1} + {DSA-4327-1 DLA-1575-1} - firefox 62.0-1 (unimportant) - firefox-esr 60.2.0esr-1 (unimportant) [stretch] - firefox-esr 60.2.0esr-1~deb9u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2f2858584e212476d93b5ec5fa3123642328b24
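Review bot: In the first hunk (@@ -1,12 +1,50 @@), the 17 new entries from CVE-2018-19219 down to CVE-2018-19198 all land as `TODO: check`, and two of them can be closed immediately: CVE-2018-19204 and CVE-2018-19203 describe PRTG Network Monitor, a proprietary product, so they should be marked `NOT-FOR-US: PRTG Network Monitor`, the same way CVE-2018-19207 is handled a few lines further down in this hunk. The entries naming ncurses, NASM, LibTIFF, libwpd and uriparser need a source package line with a fixed version or `<unfixed>` once triaged. The descriptions for CVE-2018-19219 and CVE-2018-19218 spell the product "LibSaas"; confirm which source package that maps to before assigning it.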
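Review bot: In the hunks from @@ -17028 to @@ -17167, CVE-2018-12393, CVE-2018-12392, CVE-2018-12390, CVE-2018-12389 and CVE-2018-12371 gain the DLA-1575-1 reference while the entry is still `RESERVED` with no description, so a reader of the list cannot tell what was fixed without following the mfsa NOTE links. Consider adding a short bracketed description to each of these, in the style already used for `CVE-2018-12384 [ServerHello.random is all zero ...` visible in the @@ -17100 hunk header, until the official description is published.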
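Review bot: In the three hunks at @@ -46631, @@ -46803 and @@ -46827, CVE-2018-1884, CVE-2018-1798 and CVE-2018-1786 move from `RESERVED` to `TODO: check` although every described IBM neighbour in the context lines (CVE-2018-1800, CVE-2018-1799, CVE-2018-1788, CVE-2018-1785) is already `NOT-FOR-US: IBM`. The new descriptions name IBM Case Manager, IBM WebSphere Application Server and IBM Spectrum Protect, so a follow-up commit should replace `TODO: check` with `NOT-FOR-US: IBM` on all three to keep the section consistent and the TODO queue short.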