[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 8 08:10:33 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e7a6b7b by security tracker role at 2018-12-08T08:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2018-19970
+ RESERVED
+CVE-2018-19969
+ RESERVED
+CVE-2018-19968
+ RESERVED
+CVE-2018-19959
+ RESERVED
+CVE-2018-19958
+ RESERVED
+CVE-2018-19957
+ RESERVED
+CVE-2018-19956
+ RESERVED
+CVE-2018-19955
+ RESERVED
+CVE-2018-19954
+ RESERVED
+CVE-2018-19953
+ RESERVED
+CVE-2018-19952
+ RESERVED
+CVE-2018-19951
+ RESERVED
+CVE-2018-19950
+ RESERVED
+CVE-2018-19949
+ RESERVED
+CVE-2018-19948
+ RESERVED
+CVE-2018-19947
+ RESERVED
+CVE-2018-19946
+ RESERVED
+CVE-2018-19945
+ RESERVED
+CVE-2018-19944
+ RESERVED
+CVE-2018-19943
+ RESERVED
+CVE-2018-19942
+ RESERVED
+CVE-2018-19941
+ RESERVED
+CVE-2018-19940
+ RESERVED
+CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)
+ TODO: check
+CVE-2018-19938
+ RESERVED
+CVE-2018-19937
+ RESERVED
+CVE-2018-19936
+ RESERVED
+CVE-2018-19934
+ RESERVED
+CVE-2018-19933
+ RESERVED
CVE-2019-1984
RESERVED
CVE-2019-1983
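Review bot: CVE-2018-19939 is the only new entry in this hunk that arrives with a description, and it is left at TODO: check. Since the text names a Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi devices, triage should confirm whether that driver is present in src:linux, then either record a linux package line or mark the entry NOT-FOR-US. The jumps from CVE-2018-19968 to CVE-2018-19959 and from CVE-2018-19936 to CVE-2018-19934 are not gaps: those ids already have entries further down the file, which the later hunks modify.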
@@ -798,10 +856,10 @@ CVE-2019-1586
RESERVED
CVE-2019-1585
RESERVED
-CVE-2018-19960 [unsafe handling of /tmp file]
+CVE-2018-19960 (The debug_mode function in web/web.py in OnionShare through 1.3.1, when ...)
- onionshare <unfixed> (bug #915859)
[jessie] - onionshare <no-dsa> (contrib not supported)
-CVE-2018-19935 [null pointer dereference in imap_mail]
+CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote ...)
- php7.3 7.3.0-1
- php7.2 <removed>
- php7.0 <removed>
@@ -4969,26 +5027,26 @@ CVE-2018-19368
RESERVED
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint ...)
NOT-FOR-US: Portainer
-CVE-2018-19966 [XSA-280: Fix for XSA-240 conflicts with shadow paging]
+CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
-CVE-2018-19965 [XSA-279: x86: DoS from attempting to use INVPCID with a non-canonical addresses]
+CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
-CVE-2018-19964 [XSA-277: x86: incorrect error handling for guest p2m page removals]
+CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS users to ...)
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.11)
[jessie] - xen <not-affected> (Only affects 4.11)
NOTE: https://xenbits.xen.org/xsa/advisory-277.txt
-CVE-2018-19963 [XSA-276: resource accounting issues in x86 IOREQ server handling]
+CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users to ...)
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.11)
[jessie] - xen <not-affected> (Only affects 4.11)
NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
-CVE-2018-19962 [XSA-275: improper large page mappings with AMD IOMMUs]
+CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
-CVE-2018-19961 [XSA-275: insufficient TLB flushing]
+CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...)
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19366
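Review bot: CVE-2018-19962 and CVE-2018-19961 end up with the same truncated description ("An issue was discovered in Xen through 4.11.x on AMD x86 platforms, ...") and the same advisory-275 NOTE, so the distinction carried by the removed bracketed titles (improper large page mappings with AMD IOMMUs versus insufficient TLB flushing) is no longer visible in the list. Consider adding a short NOTE line to each entry recording which part of XSA-275 it covers. The XSA numbers for the other entries in this hunk remain recoverable from their advisory URLs.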
@@ -5155,7 +5213,7 @@ CVE-2018-19298
CVE-2018-19297
RESERVED
CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object ...)
- {DLA-1591-1}
+ {DSA-4351-1 DLA-1591-1}
- libphp-phpmailer 5.2.14+dfsg-2.4 (bug #913912)
NOTE: https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
CVE-2018-19295
@@ -5896,7 +5954,8 @@ CVE-2018-19117
RESERVED
CVE-2018-19116
RESERVED
-CVE-2018-19967 [XSA-282: guest use of HLE constructs may lock up host]
+CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 platforms ...)
+ {DLA-1577-1}
- xen <unfixed>
[stretch] - xen <postponed> (Hold back until next DSA)
NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
@@ -6177,8 +6236,8 @@ CVE-2018-19003
RESERVED
CVE-2018-19002
RESERVED
-CVE-2018-19001
- RESERVED
+CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software ...)
+ TODO: check
CVE-2018-19000
RESERVED
CVE-2018-18999
@@ -7736,79 +7795,104 @@ CVE-2018-18360
RESERVED
CVE-2018-18359
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18358
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18357
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18356
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18355
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18354
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18353
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18352
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18351
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18350
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18349
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18348
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18347
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18346
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18345
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18344
RESERVED
+ {DSA-4352-1}
- sqlite3 <undetermined>
- chromium 71.0.3578.80-1
CVE-2018-18343
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18342
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18341
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18340
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18339
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18338
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18337
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18336
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18335
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-18334
RESERVED
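Review bot: CVE-2018-18344 now carries {DSA-4352-1} and a fixed chromium version, but its "- sqlite3 <undetermined>" line is unchanged, so the sqlite3 status for this id is still open after the advisory has been issued. That line should be resolved to a fixed version or a not-affected marker with a NOTE giving the reasoning. The other entries in this hunk only gain the DSA cross-reference and need no further change.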
@@ -7850,15 +7934,13 @@ CVE-2018-18316 (emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. ...
NOT-FOR-US: emlog
CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to ...)
NOT-FOR-US: lemon, different from src:lemon
-CVE-2018-18314 [Heap-based buffer overflow]
- RESERVED
+CVE-2018-18314 (Perl before 5.26.3 has a buffer overflow via a crafted regular ...)
{DSA-4347-1}
- perl 5.28.0-3
[jessie] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://rt.perl.org/Ticket/Display.html?id=131649
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/19a498a461d7c81ae3507c450953d1148efecf4f
-CVE-2018-18313 [Heap-buffer-overflow read in regcomp.c]
- RESERVED
+CVE-2018-18313 (Perl before 5.26.3 has a buffer over-read via a crafted regular ...)
{DSA-4347-1}
- perl 5.28.0-3
[jessie] - perl <not-affected> (Vulnerable code introduced later)
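Review bot: the new descriptions for CVE-2018-18314 and CVE-2018-18313 read "Perl before 5.26.3", while both entries record the fix in perl 5.28.0-3 and CVE-2018-18314 references a maint-5.28 commit, so the visible description understates the affected range compared with the tracker's own package data. Keep the package lines as the authoritative version information, and consider a NOTE preserving the removed titles (heap-based buffer overflow, heap-buffer-overflow read in regcomp.c), since the truncated descriptions no longer say where the bug is.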
@@ -7870,8 +7952,7 @@ CVE-2018-18312 (Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflo
[jessie] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://rt.perl.org/Ticket/Display.html?id=133423
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
-CVE-2018-18311 [Integer overflow leading to buffer overflow and segmentation fault]
- RESERVED
+CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via ...)
{DSA-4347-1 DLA-1601-1}
- perl 5.28.1-1
NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
@@ -8992,8 +9073,8 @@ CVE-2018-17926
RESERVED
CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control ...)
NOT-FOR-US: Gigasoft
-CVE-2018-17924
- RESERVED
+CVE-2018-17924 (Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix ...)
+ TODO: check
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
@@ -9967,9 +10048,11 @@ CVE-2018-17482
RESERVED
CVE-2018-17481
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-17480
RESERVED
+ {DSA-4352-1}
- chromium 71.0.3578.80-1
CVE-2018-17479
RESERVED
@@ -11471,8 +11554,7 @@ CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the
NOTE: https://lore.kernel.org/patchwork/patch/1011367/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649017
NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
-CVE-2018-16861
- RESERVED
+CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman component ...)
- foreman <itp> (bug #663101)
CVE-2018-16860
RESERVED
@@ -15357,8 +15439,8 @@ CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information .
NOT-FOR-US: Trend Micro
CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend ...)
NOT-FOR-US: Trend Micro
-CVE-2018-15362
- RESERVED
+CVE-2018-15362 (XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 ...)
+ TODO: check
CVE-2018-15361
RESERVED
CVE-2018-15360 (An attacker without authentication can login with default credentials ...)
@@ -24217,8 +24299,8 @@ CVE-2018-11907 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11905
- RESERVED
+CVE-2018-11905 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2018-11904 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
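Review bot: CVE-2018-11905 is set to TODO: check although its description opens with the same text as CVE-2018-11907 and CVE-2018-11906 directly above it, both of which are marked "NOT-FOR-US: Qualcomm components for Android". After confirming the full description, this entry should get the same marker so the block stays consistent.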
@@ -30462,35 +30544,25 @@ CVE-2018-9580 (A Elevation of privilege vulnerability in the HTC bootloader. Pro
NOT-FOR-US: HTC
CVE-2018-9579
RESERVED
-CVE-2018-9578
- RESERVED
+CVE-2018-9578 (In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9577
- RESERVED
+CVE-2018-9577 (In impd_parametric_drc_parse_gain_set_params of ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9576
- RESERVED
+CVE-2018-9576 (In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9575
- RESERVED
+CVE-2018-9575 (In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9574
- RESERVED
+CVE-2018-9574 (In impd_parse_split_drc_characteristic of impd_drc_static_payload.c ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9573
- RESERVED
+CVE-2018-9573 (In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9572
- RESERVED
+CVE-2018-9572 (In impd_drc_parse_coeff of impd_drc_static_payload.c there is a ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9571
- RESERVED
+CVE-2018-9571 (In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9570
- RESERVED
+CVE-2018-9570 (In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a ...)
NOT-FOR-US: Android libxaac
-CVE-2018-9569
- RESERVED
+CVE-2018-9569 (In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there ...)
NOT-FOR-US: Android libxaac
CVE-2018-9568 (In sk_clone_lock of sock.c, there is a possible memory corruption due ...)
- linux 4.13.10-1
@@ -30593,17 +30665,14 @@ CVE-2018-9521 (In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible
NOT-FOR-US: Android Media Framework
CVE-2018-9520
RESERVED
-CVE-2018-9519
- RESERVED
+CVE-2018-9519 (In easelcomm_hw_build_scatterlist, there is a possible out of bounds ...)
NOT-FOR-US: Android kernel
-CVE-2018-9518 [NFC: llcp: Limit size of SDP URI]
- RESERVED
+CVE-2018-9518 (In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible ...)
- linux 4.16.5-1
[stretch] - linux 4.9.107-1
[jessie] - linux 3.16.57-1
NOTE: Fixed by: https://git.kernel.org/linus/fe9c842695e26d8116b61b80bfb905356f07834b (4.16-rc3)
-CVE-2018-9517
- RESERVED
+CVE-2018-9517 (In pppol2tp_connect, there is possible memory corruption due to a use ...)
- linux 4.14.2-1
[jessie] - linux 3.16.51-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f026bc29a8e093edfbb2a77700454b285c97e8ad
@@ -36471,8 +36540,8 @@ CVE-2018-7366
RESERVED
CVE-2018-7365
RESERVED
-CVE-2018-7364
- RESERVED
+CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Orange ...)
+ TODO: check
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
@@ -37484,10 +37553,10 @@ CVE-2018-7082
RESERVED
CVE-2018-7081
RESERVED
-CVE-2018-7080
- RESERVED
-CVE-2018-7079
- RESERVED
+CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
+ TODO: check
+CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ...)
+ TODO: check
CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-Out 4 ...)
NOT-FOR-US: HPE
CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
@@ -37510,16 +37579,16 @@ CVE-2018-7069 (HPE has identified a remote unauthenticated access to files ...)
NOT-FOR-US: HPE
CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in HPE ...)
NOT-FOR-US: HPE
-CVE-2018-7067
- RESERVED
-CVE-2018-7066
- RESERVED
-CVE-2018-7065
- RESERVED
+CVE-2018-7067 (A Remote Authentication bypass in Aruba ClearPass Policy Manager leads ...)
+ TODO: check
+CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba ClearPass ...)
+ TODO: check
+CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
+ TODO: check
CVE-2018-7064
RESERVED
-CVE-2018-7063
- RESERVED
+CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write ...)
+ TODO: check
CVE-2018-7062
RESERVED
CVE-2018-7061
@@ -38392,7 +38461,7 @@ CVE-2018-6757 (Privilege Escalation vulnerability in Microsoft Windows client in
NOT-FOR-US: McAfee True Key
CVE-2018-6756 (Authentication Abuse vulnerability in Microsoft Windows client in ...)
NOT-FOR-US: McAfee True Key
-CVE-2018-6755 (Weak Directory Permission Vulnerability in Microsoft Windows ...)
+CVE-2018-6755 (Weak Directory Permission Vulnerability in Microsoft Windows client ...)
NOT-FOR-US: McAfee True Key
CVE-2018-6754
RESERVED
@@ -41591,15 +41660,13 @@ CVE-2018-5818
RESERVED
CVE-2018-5817
RESERVED
-CVE-2018-5816 [Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service]
- RESERVED
+CVE-2018-5816 (An integer overflow error within the "identify()" function ...)
- libraw 0.18.13-1 (low)
[stretch] - libraw <not-affected> (Fix for CVE-2018-5804 not released in stretch)
[jessie] - libraw <not-affected> (Fix for CVE-2018-5804 not in jessie LTS)
NOTE: http://seclists.org/bugtraq/2018/Jul/58
NOTE: Issue caused by an incomplete fix for CVE-2018-5804
-CVE-2018-5815 [Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service]
- RESERVED
+CVE-2018-5815 (An integer overflow error within the "parse_qt()" function ...)
- libraw 0.18.13-1 (low)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
@@ -41610,54 +41677,46 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and
[stretch] - linux 4.9.107-1
NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
-CVE-2018-5813 [infinite loop in the parse_minolta function in dcraw/dcraw.c]
- RESERVED
+CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in ...)
- libraw 0.18.11-1 (low)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
-CVE-2018-5812 [NULL pointer dereference in nikon_coolscan_load_raw internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function ...)
- libraw 0.18.11-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
-CVE-2018-5811 [out-of-bounds read in nikon_coolscan_load_raw internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function ...)
- libraw 0.18.11-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
-CVE-2018-5810 [heap-based buffer overflow in rollei_load_raw internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5810 (An error within the "rollei_load_raw()" function ...)
- libraw 0.18.11-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
-CVE-2018-5809
- RESERVED
-CVE-2018-5808
- RESERVED
-CVE-2018-5807 [out-of-bounds read in samsung_load_raw internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function ...)
+ TODO: check
+CVE-2018-5808 (An error within the "find_green()" function ...)
+ TODO: check
+CVE-2018-5807 (An error within the "samsung_load_raw()" function ...)
- libraw 0.18.11-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
-CVE-2018-5806 [NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function ...)
- libraw 0.18.8-1 (low)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
-CVE-2018-5805 [Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function ...)
- libraw 0.18.8-1 (low)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
-CVE-2018-5804 [type confusion error in identify() function in internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5804 (A type confusion error within the "identify()" function ...)
- libraw 0.18.8-1 (low)
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
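Review bot: CVE-2018-5809 and CVE-2018-5808 are left at TODO: check even though their descriptions name "LibRaw::parse_exif()" and "find_green()" and every neighbouring entry in this hunk is tracked against libraw. They need libraw package lines with a fixed version and per-release status like the entries around them. Separately, CVE-2018-5812 and CVE-2018-5811 now show the same truncated text (An error within the "nikon_coolscan_load_raw()" function ...), so a NOTE preserving the removed titles (NULL pointer dereference versus out-of-bounds read) would keep the two distinguishable.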
@@ -41666,24 +41725,21 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
{DSA-4188-1 DSA-4187-1 DLA-1369-1}
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
-CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function ...)
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
-CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
- RESERVED
+CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) ...)
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
-CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
- RESERVED
+CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" ...)
- libraw 0.18.7-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
@@ -52496,8 +52552,8 @@ CVE-2018-1922
RESERVED
CVE-2018-1921
RESERVED
-CVE-2018-1920
- RESERVED
+CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML ...)
+ TODO: check
CVE-2018-1919
RESERVED
CVE-2018-1918
@@ -52544,8 +52600,8 @@ CVE-2018-1898
RESERVED
CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 ...)
NOT-FOR-US: IBM
-CVE-2018-1896
- RESERVED
+CVE-2018-1896 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host ...)
+ TODO: check
CVE-2018-1895
RESERVED
CVE-2018-1894
@@ -52570,8 +52626,8 @@ CVE-2018-1885
RESERVED
CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and ...)
NOT-FOR-US: IBM Case Manager
-CVE-2018-1883
- RESERVED
+CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 ...)
+ TODO: check
CVE-2018-1882
RESERVED
CVE-2018-1881
@@ -53010,8 +53066,8 @@ CVE-2018-1665
RESERVED
CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
NOT-FOR-US: IBM
-CVE-2018-1663
- RESERVED
+CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow ...)
+ TODO: check
CVE-2018-1662
RESERVED
CVE-2018-1661
@@ -53488,8 +53544,8 @@ CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, a
NOT-FOR-US: IBM
CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...)
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
-CVE-2018-1424
- RESERVED
+CVE-2018-1424 (IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML ...)
+ TODO: check
CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to ...)
NOT-FOR-US: IBM
CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 ...)
@@ -58822,16 +58878,14 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an
- linux 4.14.12-1
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
-CVE-2017-16910
- RESERVED
+CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function ...)
- libraw 0.18.6-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
-CVE-2017-16909
- RESERVED
+CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function ...)
- libraw 0.18.6-1
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
@@ -62499,8 +62553,8 @@ CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15835
- RESERVED
+CVE-2017-15835 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -65442,8 +65496,8 @@ CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-14888
- RESERVED
+CVE-2017-14888 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
+ TODO: check
CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14886
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9e7a6b7bfe292c29aaf9aec8ac79587a11605883