Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc9a1618 by security tracker role at 2019-01-03T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory ...)
+       TODO: check
 CVE-2019-3579
        RESERVED
 CVE-2019-3578
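Review bot: The new CVE-2019-3580 entry at the top of this hunk lands with only "TODO: check", as do the four entries this commit converts from RESERVED (CVE-2018-20131, CVE-2018-18893, CVE-2018-18264, CVE-2018-17172), so all five are untriaged. The description here names OpenRefine; resolve it either to a source package line or to a "NOT-FOR-US:" line in the form used elsewhere in this file.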
@@ -435,6 +437,7 @@ CVE-2018-20623 (In GNU Binutils 2.31.1, there is a 
use-after-free in the error f
        [jessie] - binutils <ignored> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
 CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in 
libjasper.a ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/193
 CVE-2018-20621
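Review bot: The "{DLA-1628-1}" tag added under CVE-2018-20622 is a bare cross-reference, and the entry's only package line is still "- jasper <removed>", so nothing in this hunk records which jasper version carries the fix. Since this commit changes only data/CVE/list, check that the DLA-1628-1 advisory record names CVE-2018-20622 and a fixed version; the same applies to every entry this commit tags with DLA-1628-1.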
@@ -524,6 +527,7 @@ CVE-2018-20586
 CVE-2018-20585
        RESERVED
 CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of 
service ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/192
 CVE-2018-20583 (Cross-site scripting (XSS) vulnerability in the PHP League 
CommonMark ...)
@@ -553,6 +557,7 @@ CVE-2018-20572 (WUZHI CMS 4.1.0 allows 
coreframe/app/coupon/admin/copyfrom.php S
 CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files 
via a ...)
        NOT-FOR-US: DamiCMS
 CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based 
buffer ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/191
 CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management 
System (CMS) ...)
@@ -3925,8 +3930,8 @@ CVE-2018-20133 (ymlref allows code injection. ...)
        NOT-FOR-US: ymlref
 CVE-2018-20132
        RESERVED
-CVE-2018-20131
-       RESERVED
+CVE-2018-20131 (The Code42 app before 6.8.4, as used in Code42 for Enterprise, 
on Linux ...)
+       TODO: check
 CVE-2018-20130
        RESERVED
 CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. ...)
@@ -9821,15 +9826,19 @@ CVE-2018-19543 (An issue was discovered in JasPer 
2.0.14. There is a heap-based
        NOTE: jasper terminates properly. Still I am going to mark this bug as
        NOTE: postponed until we receive feedback from upstream.
 CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL 
pointer ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a 
heap-based buffer ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a 
heap-based buffer ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19539 (An issue was discovered in JasPer 2.0.14. There is an access 
violation ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19538
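Review bot: CVE-2018-19542, CVE-2018-19541, CVE-2018-19540 and CVE-2018-19539 all point at the same upstream report (jasper issue 182) yet describe different faults (a NULL pointer issue, two heap-based buffer issues, an access violation), so the "{DLA-1628-1}" tag alone does not show that each one was fixed separately. Add a NOTE per entry naming the fix applied. CVE-2018-19543 just above is noted as postponed pending upstream feedback and is left untagged here, which looks intentional.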
@@ -11146,6 +11155,7 @@ CVE-2018-19144
 CVE-2018-19140
        RESERVED
 CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory 
leak in ...)
+       {DLA-1628-1}
        - jasper <removed> (low)
        NOTE: https://github.com/mdadams/jasper/issues/188
 CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html 
URI. ...)
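Review bot: CVE-2018-19139 is annotated "(low)" on its "- jasper <removed>" line, while CVE-2018-20622, also described as a JasPer 2.0.14 memory leak and tagged with the same DLA in this commit, has no urgency annotation. Make the two consistent, either by marking both low or by adding a NOTE on why they differ.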
@@ -11746,8 +11756,8 @@ CVE-2018-18895
        RESERVED
 CVE-2018-18894
        RESERVED
-CVE-2018-18893
-       RESERVED
+CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, 
related to ...)
+       TODO: check
 CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the 
install.php ...)
        NOT-FOR-US: MiniCMS
 CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...)
@@ -11785,6 +11795,7 @@ CVE-2018-18875
 CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute 
arbitrary ...)
        NOT-FOR-US: nc-cms
 CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL 
pointer ...)
+       {DLA-1628-1}
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/184
 CVE-2018-18872
@@ -13341,8 +13352,8 @@ CVE-2018-18266
        RESERVED
 CVE-2018-18265
        RESERVED
-CVE-2018-18264
-       RESERVED
+CVE-2018-18264 (Kubernetes Dashboard before 1.10.1 allows attackers to bypass 
...)
+       TODO: check
 CVE-2018-18263
        RESERVED
 CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. 
...)
@@ -16119,8 +16130,8 @@ CVE-2018-17174 (A stack-based buffer overflow was 
discovered in the xtimor NMEA
        NOT-FOR-US: nmealib
 CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary 
code via ...)
        NOT-FOR-US: LG SuperSign CMS
-CVE-2018-17172
-       RESERVED
+CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 
100.008.028.05200, ...)
+       TODO: check
 CVE-2018-17171
        RESERVED
 CVE-2018-17170
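Review bot: CVE-2018-17172 is left at "TODO: check" although its description names the web application on Xerox AltaLink B80xx devices, and the neighbouring entries in this hunk for software not packaged in Debian (nmealib, LG SuperSign CMS) are already closed as NOT-FOR-US. If no Debian source package is affected, close this one the same way with a "NOT-FOR-US:" line naming the product.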



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc9a161802ab0412e06486f009877bec23774360

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits