Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f28585 by security tracker role at 2018-11-12T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,50 @@
-CVE-2018-19207
+CVE-2018-19219 (In LibSaas 3.5-stable, there is an illegal address access at 
...)
+       TODO: check
+CVE-2018-19218 (In LibSaas 3.5-stable, there is an illegal address access at 
...)
+       TODO: check
+CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the 
function ...)
+       TODO: check
+CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free 
in detoken ...)
+       TODO: check
+CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer 
over-read in ...)
+       TODO: check
+CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks 
that may ...)
+       TODO: check
+CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
+       TODO: check
+CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at 
function ...)
+       TODO: check
+CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the 
...)
+       TODO: check
+CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer 
dereference in the ...)
+       TODO: check
+CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the 
function ...)
+       TODO: check
+CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote 
authenticated ...)
+       TODO: check
+CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote 
unauthenticated ...)
+       TODO: check
+CVE-2018-19202
+       RESERVED
+CVE-2018-19201
+       RESERVED
+CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c 
allows ...)
+       TODO: check
+CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c 
allows an ...)
+       TODO: check
+CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c 
allows an ...)
+       TODO: check
+CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin 
before ...)
        NOT-FOR-US: WordPress plugin wp-gdpr-compliance
-CVE-2018-19206 [XSS via crafted use of <svg><style>]
+CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via 
crafted use ...)
        - roundcube 1.3.8+dfsg.1-1
        NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released
        NOTE: https://github.com/roundcube/roundcubemail/issues/6410
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059
 (released-1.3)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b
 (master)
-CVE-2018-19205 [mishandles GnuPG MDC integrity-protection warnings]
+CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC 
integrity-protection ...)
        - roundcube 1.3.8+dfsg.1-1
        NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released
        NOTE: https://github.com/roundcube/roundcubemail/issues/6289
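
Review bot: The new block is inserted above the existing CVE-2018-19207 entry, so CVE-2018-19204 through CVE-2018-19198 now sit before CVE-2018-19207, CVE-2018-19206 and CVE-2018-19205, and the head of the file is no longer in descending ID order. Suggest moving the 19204 to 19198 entries below the CVE-2018-19205 block. Separately, the imported description for CVE-2018-19205 says "Roundcube before 1.3.7" while the fixed-version line remains "roundcube 1.3.8+dfsg.1-1"; worth confirming that this is the first upload carrying the fix when the TODO: check entries are triaged.
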
@@ -5732,6 +5770,7 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are 
vulnerable to a buffer o
 CVE-2018-16838
        RESERVED
 CVE-2018-16837 (Ansible &quot;User&quot; module leaks any data which is passed 
on as a parameter ...)
+       {DLA-1576-1}
        - ansible 2.7.1+dfsg-1 (bug #912297)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642
        NOTE: https://github.com/ansible/ansible/pull/47436
@@ -9602,7 +9641,7 @@ CVE-2018-XXXX [libykneomgr memory corruption]
        [jessie] - libykneomgr <no-dsa> (Minor issue)
        NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
 CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in 
oxenstored ...)
-       {DSA-4274-1}
+       {DSA-4274-1 DLA-1577-1}
        - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant)
        NOTE: https://xenbits.xen.org/xsa/advisory-272.html
 CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
@@ -9617,7 +9656,7 @@ CVE-2018-15468 (An issue was discovered in Xen through 
4.11.x. The DEBUGCTL MSR
        [jessie] - xen <not-affected> (Only affects 4.6 and later)
        NOTE: https://xenbits.xen.org/xsa/advisory-269.html
 CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never 
properly ...)
-       {DSA-4274-1}
+       {DSA-4274-1 DLA-1577-1}
        - xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
        NOTE: https://xenbits.xen.org/xsa/advisory-268.html
 CVE-2018-15309
@@ -15514,7 +15553,7 @@ CVE-2018-12895 (WordPress through 4.9.6 allows Author 
users to execute arbitrary
 CVE-2018-12894
        RESERVED
 CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the 
fixes in ...)
-       {DSA-4236-1}
+       {DSA-4236-1 DLA-1577-1}
        - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
        NOTE: https://xenbits.xen.org/xsa/advisory-265.html
 CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails 
to pass ...)
@@ -15523,7 +15562,7 @@ CVE-2018-12892 (An issue was discovered in Xen 4.7 
through 4.10.x. libxl fails t
        [jessie] - xen <not-affected> (Issue introduced in 4.7)
        NOTE: https://xenbits.xen.org/xsa/advisory-266.html
 CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU 
...)
-       {DSA-4236-1}
+       {DSA-4236-1 DLA-1577-1}
        - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
        NOTE: https://xenbits.xen.org/xsa/advisory-264.html
 CVE-2018-12890
@@ -17028,7 +17067,7 @@ CVE-2018-12394
        RESERVED
 CVE-2018-12393
        RESERVED
-       {DSA-4337-1 DSA-4324-1 DLA-1571-1}
+       {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        - thunderbird 1:60.3.0-1
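
Review bot: CVE-2018-12393 still reads RESERVED with no description, although after this change it carries two DSA and two DLA references plus fixed versions for firefox-esr, firefox and thunderbird. A short bracketed summary on the CVE line, in the style of "CVE-2018-XXXX [libykneomgr memory corruption]" elsewhere in this file, would keep the entry readable until the description is published. The same applies to CVE-2018-12392, CVE-2018-12390, CVE-2018-12389 and CVE-2018-12371 in the later hunks.
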
@@ -17037,7 +17076,7 @@ CVE-2018-12393
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
 CVE-2018-12392
        RESERVED
-       {DSA-4337-1 DSA-4324-1 DLA-1571-1}
+       {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        - thunderbird 1:60.3.0-1
@@ -17054,7 +17093,7 @@ CVE-2018-12391
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
 CVE-2018-12390
        RESERVED
-       {DSA-4337-1 DSA-4324-1 DLA-1571-1}
+       {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - firefox 63.0-1
        - thunderbird 1:60.3.0-1
@@ -17063,7 +17102,7 @@ CVE-2018-12390
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
 CVE-2018-12389
        RESERVED
-       {DSA-4337-1 DSA-4324-1 DLA-1571-1}
+       {DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
        - firefox-esr 60.3.0esr-1
        - thunderbird 1:60.3.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
@@ -17083,7 +17122,7 @@ CVE-2018-12386 (A vulnerability in register allocation 
in JavaScript can lead to
        - firefox-esr 60.2.2esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
 CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used 
for SSL ...)
-       {DSA-4327-1 DSA-4304-1}
+       {DSA-4327-1 DSA-4304-1 DLA-1575-1}
        - firefox 62.0.2-1
        - firefox-esr 60.2.1esr-1
        - thunderbird 1:60.2.1-1
@@ -17100,7 +17139,7 @@ CVE-2018-12384 [ServerHello.random is all zero when 
handling a v2-compatible Cli
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
 CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set 
a ...)
-       {DSA-4327-1 DSA-4304-1}
+       {DSA-4327-1 DSA-4304-1 DLA-1575-1}
        - firefox 62.0-1
        - firefox-esr 60.2.1esr-1
        - thunderbird 1:60.2.1-1
@@ -17118,7 +17157,7 @@ CVE-2018-12381 (Manually dragging and dropping an 
Outlook email message into the
 CVE-2018-12380
        RESERVED
 CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which 
contains a very ...)
-       {DSA-4327-1}
+       {DSA-4327-1 DLA-1575-1}
        - firefox 62.0-1 (unimportant)
        - firefox-esr 60.2.0esr-1 (unimportant)
        [stretch] - firefox-esr 60.2.0esr-1~deb9u2
@@ -17127,7 +17166,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR 
format file which contains
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
 CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB 
index is ...)
-       {DSA-4327-1 DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1 DLA-1575-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -17135,7 +17174,7 @@ CVE-2018-12378 (A use-after-free vulnerability can 
occur when an IndexedDB index
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
 CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver 
timers ...)
-       {DSA-4327-1 DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1 DLA-1575-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -17143,7 +17182,7 @@ CVE-2018-12377 (A use-after-free vulnerability can 
occur when refresh driver tim
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
 CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. 
Some of ...)
-       {DSA-4327-1 DSA-4287-1}
+       {DSA-4327-1 DSA-4287-1 DLA-1575-1}
        - firefox 62.0-1
        - firefox-esr 60.2.0esr-1
        - thunderbird 1:60.2.1-1
@@ -17167,7 +17206,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included 
in HTML crafted for an att
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
 CVE-2018-12371
        RESERVED
-       {DSA-4295-1}
+       {DSA-4295-1 DLA-1575-1}
        - firefox 61.0-1
        - thunderbird 1:60.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
@@ -17186,7 +17225,7 @@ CVE-2018-12368 (Windows 10 does not warn users before 
opening executable files w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
 CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or 
precision ...)
-       {DSA-4295-1}
+       {DSA-4295-1 DLA-1575-1}
        - firefox 61.0-1
        - thunderbird 1:60.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
@@ -17232,7 +17271,7 @@ CVE-2018-12362 (An integer overflow can occur during 
graphics operations done by
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
 CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while 
...)
-       {DSA-4295-1}
+       {DSA-4295-1 DLA-1575-1}
        - firefox 61.0-1
        - thunderbird 1:60.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
@@ -26364,7 +26403,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x 
before 1.5.3 and 2.x before 2.
 CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of 
router ...)
        NOT-FOR-US: D-Link
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and 
IA-32 ...)
-       {DSA-4201-1 DSA-4196-1 DLA-1392-1 DLA-1383-1}
+       {DSA-4201-1 DSA-4196-1 DLA-1577-1 DLA-1392-1 DLA-1383-1}
        - linux 4.15.17-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
        - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
@@ -30010,11 +30049,11 @@ CVE-2018-7542 (An issue was discovered in Xen 4.8.x 
through 4.10.x allowing x86
        [wheezy] - xen <not-affected> (Vulnerable code introduced later)
        NOTE: https://xenbits.xen.org/xsa/advisory-256.html
 CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS 
users ...)
-       {DSA-4131-1 DLA-1300-1}
+       {DSA-4131-1 DLA-1577-1 DLA-1300-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-255.html
 CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV 
guest OS ...)
-       {DSA-4131-1 DLA-1300-1}
+       {DSA-4131-1 DLA-1577-1 DLA-1300-1}
        - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
        NOTE: https://xenbits.xen.org/xsa/advisory-252.html
 CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in 
SimpleSAMLphp ...)
@@ -37561,7 +37600,7 @@ CVE-2018-5188 (Memory safety bugs present in Firefox 
60, Firefox ESR 60, and Fir
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
 CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. 
Some of ...)
-       {DSA-4295-1}
+       {DSA-4295-1 DLA-1575-1}
        - firefox 61.0-1
        - thunderbird 1:60.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
@@ -37689,7 +37728,7 @@ CVE-2018-5157 (Same-origin protections for the PDF 
viewer can be bypassed, allow
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
 CVE-2018-5156 (A vulnerability can occur when capturing a media stream when 
the media ...)
-       {DSA-4295-1 DSA-4235-1 DLA-1406-1}
+       {DSA-4295-1 DSA-4235-1 DLA-1575-1 DLA-1406-1}
        - firefox-esr 52.9.0esr-1
        - firefox 61.0-1
        - thunderbird 1:60.0-1
@@ -46631,8 +46670,8 @@ CVE-2018-1886
        RESERVED
 CVE-2018-1885
        RESERVED
-CVE-2018-1884
-       RESERVED
+CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, 
and ...)
+       TODO: check
 CVE-2018-1883
        RESERVED
 CVE-2018-1882
@@ -46803,8 +46842,8 @@ CVE-2018-1800 (IBM Sterling B2B Integrator Standard 
Edition 5.2.6.0 and 6.2.6.1
        NOT-FOR-US: IBM
 CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
        NOT-FOR-US: IBM
-CVE-2018-1798
-       RESERVED
+CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable ...)
+       TODO: check
 CVE-2018-1797
        RESERVED
 CVE-2018-1796
@@ -46827,8 +46866,8 @@ CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 
could disclose highly ...
        NOT-FOR-US: IBM
 CVE-2018-1787
        RESERVED
-CVE-2018-1786
-       RESERVED
+CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes 
incorrectly ...)
+       TODO: check
 CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) 
uses ...)
        NOT-FOR-US: IBM
 CVE-2018-1784
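
Review bot: CVE-2018-1786 (IBM Spectrum Protect) is left at "TODO: check" while the adjacent IBM Spectrum Protect entries CVE-2018-1788 and CVE-2018-1785 are already marked "NOT-FOR-US: IBM". Unless there is a reason to treat it differently, it should get the same tag. The same question applies to CVE-2018-1798 (IBM WebSphere Application Server) and CVE-2018-1884 (IBM Case Manager) in the two preceding hunks, where the neighbouring IBM entries that have a description are also NOT-FOR-US.
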
@@ -54374,7 +54413,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 
13 before build 13500 all
 CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 
allows ...)
        NOT-FOR-US: Zoho
 CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote 
attackers to ...)
-       {DSA-4327-1}
+       {DSA-4327-1 DLA-1575-1}
        - firefox 62.0-1 (unimportant)
        - firefox-esr 60.2.0esr-1 (unimportant)
        [stretch] - firefox-esr 60.2.0esr-1~deb9u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2f2858584e212476d93b5ec5fa3123642328b24
