[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 20 21:10:25 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6071ca1b by security tracker role at 2018-08-20T20:10:18Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,73 @@
+CVE-2018-15595
+ RESERVED
+CVE-2018-15593
+ RESERVED
+CVE-2018-15592
+ RESERVED
+CVE-2018-15591
+ RESERVED
+CVE-2018-15590
+ RESERVED
+CVE-2018-15589
+ RESERVED
+CVE-2018-15588
+ RESERVED
+CVE-2018-15587
+ RESERVED
+CVE-2018-15586
+ RESERVED
+CVE-2018-1000657 (Rust Programming Language Rust standard library version Commit ...)
+ TODO: check
+CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE-20: ...)
+ TODO: check
+CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference ...)
+ TODO: check
+CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...)
+ TODO: check
+CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability ...)
+ TODO: check
+CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000651 (Stroom version <5.4.5 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection ...)
+ TODO: check
+CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
+ TODO: check
+CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
+ TODO: check
+CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
+ TODO: check
+CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated ...)
+ TODO: check
+CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated ...)
+ TODO: check
+CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External ...)
+ TODO: check
+CVE-2018-1000643 (OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site ...)
+ TODO: check
+CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000641 (YesWiki version <= cercopitheque beta 1 contains a PHP Object ...)
+ TODO: check
+CVE-2018-1000640 (OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting ...)
+ TODO: check
+CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE) ...)
+ TODO: check
+CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2018-1000636 (JerryScript version Tested on commit ...)
+ TODO: check
+CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...)
+ TODO: check
+CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...)
+ TODO: check
+CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 ...)
+ TODO: check
+CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
+ TODO: check
+CVE-2003-1605
+ RESERVED
CVE-2018-15585
RESERVED
CVE-2018-15584
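Review bot: CVE-2003-1605 is added as RESERVED at the bottom of this block, directly above CVE-2018-15585, although the later hunk headers show older years much further down the file (CVE-2011-2766 is at line 218899). If data/CVE/list is meant to stay grouped by year, this entry belongs with the 2003 entries rather than at the top. The 25 entries added with "TODO: check" still need either a package line or a "NOT-FOR-US:" marker before they carry any triage information. The two gaps in the numbering, CVE-2018-15594 and CVE-2018-1000637, are not omissions: both already exist in the file and are updated by later hunks.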
@@ -24,7 +94,7 @@ CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in
NOT-FOR-US: Reprise License Manager
CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) ...)
NOT-FOR-US: Reprise License Manager
-CVE-2018-15594 [x86/paravirt: Fix spectre-v2 mitigations for paravirt guests]
+CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles ...)
- linux 4.17.15-1
NOTE: https://twitter.com/grsecurity/status/1029324426142199808
NOTE: https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
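Review bot: the new description on CVE-2018-15594 says the Linux kernel is affected "before 4.18.1", while the unchanged package line right below it records "- linux 4.17.15-1" as the fixed version. Both can be true, but read side by side they look contradictory. A NOTE line naming the stable release that carried the fix would settle it, since the two existing NOTE links give only the tweet and the mainline commit.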
@@ -1322,7 +1392,7 @@ CVE-2018-14940 (PHPCMS 9 allows remote attackers to cause a denial of service (r
NOT-FOR-US: PHPCMS
CVE-2018-14939 (The get_app_path function in desktop/unx/source/start.c in LibreOffice ...)
- libreoffice <not-affected> (Doesn't affect LibreOffice running on glibc)
-CVE-2018-1000637 [Heap-based buffer overflow in zutils zcat]
+CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Overflow ...)
- zutils 1.7-3 (bug #902936; bug #904819)
[stretch] - zutils <no-dsa> (Minor issue)
[jessie] - zutils <no-dsa> (Minor issue)
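Review bot: replacing the bracketed title on CVE-2018-1000637 loses detail that the visible part of the new description does not carry. The old line "[Heap-based buffer overflow in zutils zcat]" named both the affected tool (zcat) and the overflow type, whereas the new text is cut off after "contains a Buffer Overflow". If the truncated description is all the tracker displays, keeping the zcat and heap-based detail in a NOTE line would preserve it for anyone reading the two no-dsa decisions below.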
@@ -2972,6 +3042,7 @@ CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before
NOTE: https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
NOTE: https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with mode ...)
+ {DLA-1472-1}
- libcgroup 0.41-8.1 (bug #906308)
NOTE: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...)
@@ -27827,8 +27898,8 @@ CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTER
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
CVE-2018-5245
RESERVED
-CVE-2018-5243
- RESERVED
+CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior to ...)
+ TODO: check
CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...)
NOT-FOR-US: Norton App Lock
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
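Review bot: CVE-2018-5243 leaves RESERVED with a "TODO: check" even though the entry directly below it in the context, CVE-2018-5242, shows how a Symantec product is already classified here ("NOT-FOR-US: Norton App Lock"). If Symantec Encryption Management Server is likewise not packaged, the TODO can be resolved with a matching "NOT-FOR-US:" line instead of waiting in the queue.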
@@ -31932,7 +32003,7 @@ CVE-2018-3648
CVE-2018-3647
RESERVED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4274-1}
+ {DSA-4279-1 DSA-4274-1}
- linux 4.17.15-1
- xen <unfixed>
- intel-microcode 3.20180703.1
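Review bot: the added DSA-4279-1 reference on CVE-2018-3646 sits above three package lines (linux, xen, intel-microcode), and xen is still "<unfixed>", so the cross-reference alone does not show which source package the new advisory covers. It is worth confirming that the package lines reflect whatever DSA-4279-1 fixed. The same applies to the identical change to CVE-2018-3620 in the next hunk.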
@@ -32010,7 +32081,7 @@ CVE-2018-3622
CVE-2018-3621
RESERVED
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and ...)
- {DSA-4274-1}
+ {DSA-4279-1 DSA-4274-1}
- linux 4.17.15-1
- xen <unfixed>
- intel-microcode 3.20180703.1
@@ -218899,8 +218970,7 @@ CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as use
{DSA-2327-1}
- libfcgi-perl 0.73-2 (bug #607479)
[lenny] - libfcgi-perl <not-affected> (Introduced in 0.70)
-CVE-2011-2765 [pyro: insecure use of temporary pid file]
- RESERVED
+CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary directory ...)
- pyro 1:3.14-1 (low; bug #631912)
[lenny] - pyro <no-dsa> (Minor issue)
[squeeze] - pyro <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6071ca1bae515999b8f65fbe5b44aee99458e938