Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60eca076 by security tracker role at 2018-11-23T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,20 +1,62 @@
+CVE-2018-19478
+       RESERVED
+CVE-2018-19474
+       RESERVED
+CVE-2018-19473
+       RESERVED
+CVE-2018-19472
+       RESERVED
+CVE-2018-19471
+       RESERVED
+CVE-2018-19470
+       RESERVED
+CVE-2018-19469 (ArticleCMS through 2017-02-19 has XSS via the ...)
+       TODO: check
+CVE-2018-19468 (HuCart 5.7.4 has SQL injection in get_ip() in ...)
+       TODO: check
+CVE-2018-19467
+       RESERVED
+CVE-2018-19466
+       RESERVED
+CVE-2018-19465
+       RESERVED
+CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because ...)
+       TODO: check
+CVE-2018-19463 (zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 
allows ...)
+       TODO: check
+CVE-2018-19462
+       RESERVED
+CVE-2018-19461
+       RESERVED
+CVE-2018-19460
+       RESERVED
+CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black 
Domain List ...)
+       TODO: check
+CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server 
without ...)
+       TODO: check
+CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, 
which ...)
+       TODO: check
+CVE-2018-19456
+       RESERVED
+CVE-2018-19455
+       RESERVED
 CVE-2018-19486 [run-command: do not fall back to cwd when command is not in 
$PATH]
        - git 1:2.19.2-1
        [stretch] - git <not-affected> (Vulnerable code introduced later)
        [jessie] - git <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
        NOTE: Introduced by: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
-CVE-2018-19477
+CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote 
...)
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
-CVE-2018-19476
+CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote 
attackers ...)
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
-CVE-2018-19475
+CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows 
remote ...)
        - ghostscript 9.26~dfsg-1
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
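Review bot: the seven added entries that carry "TODO: check" (CVE-2018-19469, -19468, -19464, -19463, -19459, -19458 and -19457) are still untriaged; each needs either a package line or a NOT-FOR-US marker like the ones used for the Oracle entries further down, once someone has checked whether the named software is packaged in Debian. The added block also lands above CVE-2018-19486 and CVE-2018-19477 to CVE-2018-19475, so the IDs at the top of data/CVE/list no longer run in descending order; worth confirming that this is the placement the updater intends.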
@@ -1144,6 +1186,7 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may 
lock up host]
        [jessie] - xen 4.4.4lts4-0+deb8u1
        NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
 CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when 
parsing ...)
+       {DLA-1589-1}
        - keepalived <unfixed> (bug #914393)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
        NOTE: https://github.com/acassen/keepalived/pull/961
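Review bot: on CVE-2018-19115 the new "{DLA-1589-1}" reference is added while the package line below it still reads "- keepalived <unfixed> (bug #914393)", so the entry records an LTS advisory but no fixed version for unstable. The description says keepalived before 2.0.7 is affected; once a fixed upload reaches unstable, replace <unfixed> with that version so the entry can close.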
@@ -1822,7 +1865,7 @@ CVE-2018-18822 (Grapixel New Media v2.0 allows SQL 
Injection via the pages.aspx
 CVE-2018-18821
        RESERVED
 CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication 
backend of ...)
-       {DSA-4333-1}
+       {DSA-4333-1 DLA-1588-1}
        - icecast2 2.4.4-1 (bug #912611)
        NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
        NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
@@ -44450,7 +44493,7 @@ CVE-2018-3216
 CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery 
Integrator ...)
        NOT-FOR-US: Oracle
 CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
 CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle 
Fusion ...)
@@ -44539,7 +44582,7 @@ CVE-2018-3182 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard 
Property ...)
        NOT-FOR-US: Oracle
 CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -44577,7 +44620,7 @@ CVE-2018-3170 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 8)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
 CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -44634,7 +44677,7 @@ CVE-2018-3150 (Vulnerability in the Java SE component 
of Oracle Java SE ...)
        - openjdk-10 10.0.2+13-2
        - openjdk-11 11.0.1+13-1
 CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -44668,7 +44711,7 @@ CVE-2018-3141 (Vulnerability in the Hyperion Essbase 
Administration Services ...
 CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services 
...)
        NOT-FOR-US: Oracle
 CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -44680,7 +44723,7 @@ CVE-2018-3137 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
        - mysql-5.5 <not-affected> (Only affects MySQL 8)
        NOTE: 
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
 CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of 
Oracle ...)
-       {DSA-4326-1}
+       {DSA-4326-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-2
        - openjdk-10 10.0.2+13-2
@@ -45092,7 +45135,7 @@ CVE-2018-2954 (Vulnerability in the Oracle Order 
Management component of Oracle
 CVE-2018-2953 (Vulnerability in the Oracle One-to-One Fulfillment component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2018-2952 (Vulnerability in the Java SE, Java SE Embedded, JRockit 
component of ...)
-       {DSA-4268-1}
+       {DSA-4268-1 DLA-1590-1}
        - openjdk-7 <removed>
        - openjdk-8 8u181-b13-1
        - openjdk-10 10.0.2+13-1
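Review bot: CVE-2018-2952 is the only entry in the visible hunks where "DLA-1590-1" joins "DSA-4268-1" rather than "DSA-4326-1", and its context lines show different fixed versions (openjdk-8 8u181-b13-1, openjdk-10 10.0.2+13-1) from the other openjdk entries. Check against the DLA-1590-1 announcement that this older CVE is really covered by the same upload as the DSA-4326-1 set.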



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/60eca076ca8d0e48ffe46a767930e3228cf26f34

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits