Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de34d354 by Moritz Muehlenhoff at 2018-11-30T16:34:12Z
NFUs
new confuse issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,7 +40,8 @@ CVE-2018-19762 (There is a heap-based buffer overflow at
fromsixel.c (function:
CVE-2018-19761 (There is an illegal address access at fromsixel.c (function:
...)
TODO: check
CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
...)
- TODO: check
+ - confuse <unfixed> (low)
+ [stretch] - confuse <no-dsa> (Minor issue)
CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h
(function: ...)
TODO: check
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in
wav_write_header in ...)
@@ -5762,7 +5763,7 @@ CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via
a message body in Pron
CVE-2018-18620
RESERVED
CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment
System ...)
- TODO: check
+ NOT-FOR-US: Advanced Comment System
CVE-2018-18618
RESERVED
CVE-2018-18617
@@ -12405,9 +12406,9 @@ CVE-2018-15982
CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type
confusion ...)
NOT-FOR-US: Adobe
CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an
out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier,
...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an
out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2018-15977
@@ -25308,7 +25309,7 @@ CVE-2018-11004 (An issue was discovered in SDcms v1.5.
Cross-site request forger
CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request
forgery ...)
NOT-FOR-US: YXcms
CVE-2018-11002 (Pulse Secure Desktop Client 5.3 up to and including R6.0 build
1769 on ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Desktop Client
CVE-2018-11001
RESERVED
CVE-2018-11000
@@ -40007,7 +40008,7 @@ CVE-2018-5921 (A potential security vulnerability has
been identified with certa
CVE-2018-5920
RESERVED
CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-5918 (Possible buffer overflow in DRM Trusted application due to lack
of ...)
NOT-FOR-US: Snapdragon
CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper
input ...)
@@ -40025,19 +40026,19 @@ CVE-2018-5912 (Potential buffer overflow in Video due
to lack of input validatio
CVE-2018-5911
RESERVED
CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5908 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to
lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5906 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5903
RESERVED
CVE-2018-5902
@@ -40126,7 +40127,7 @@ CVE-2018-5863 (If userspace provides a too-large WPA
RSN IE length in ...)
CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases
from CAF ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5861 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM,
Firefox OS ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android
releases ...)
@@ -40136,7 +40137,7 @@ CVE-2018-5858 (In the audio debugfs in all Android
releases from CAF using the L
CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in
all ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5856 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android
releases ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all
Android ...)
@@ -75675,7 +75676,7 @@ CVE-2017-11080 (In Android for MSM, Firefox OS for MSM,
QRD Android, with all An
CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-11077
RESERVED
CVE-2017-11076
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de34d3548e7d0318f0f18a11005191b26487ae04
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de34d3548e7d0318f0f18a11005191b26487ae04
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
