[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 14 08:10:24 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df0f2b78 by security tracker role at 2018-12-14T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2018-20146
+ RESERVED
CVE-2018-XXXX [Several security issues versions 3.8-5.0]
- wordpress <unfixed> (bug #916403)
NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
@@ -48,8 +50,7 @@ CVE-2018-20123 [pvrdma: memory leakage in device hotplug]
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
-CVE-2018-20145 [mosquitto acl bypass]
- RESERVED
+CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...)
- mosquitto 1.5.5-1
[stretch] - mosquitto <not-affected> (Only affects 1.5.x)
[jessie] - mosquitto <not-affected> (Only affects 1.5.x)
@@ -9854,16 +9855,16 @@ CVE-2018-18099
RESERVED
CVE-2018-18098
RESERVED
-CVE-2018-18097
- RESERVED
-CVE-2018-18096
- RESERVED
+CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox ...)
+ TODO: check
+CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux ...)
+ TODO: check
CVE-2018-18095
RESERVED
CVE-2018-18094
RESERVED
-CVE-2018-18093
- RESERVED
+CVE-2018-18093 (Improper file permissions in the installer for Intel VTune Amplifier ...)
+ TODO: check
CVE-2018-18092
RESERVED
CVE-2018-18091
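Review bot: CVE-2018-18097, CVE-2018-18096 and CVE-2018-18093 now carry only `TODO: check`, so all three are still untriaged after this automatic update. Each needs either a package line or a NOT-FOR-US entry. The SSD Toolbox and VTune Amplifier installer issues should be checked for a matching Debian source package before they are marked, and the QuickAssist Technology for Linux entry deserves a separate look because it names a Linux component.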
@@ -12808,8 +12809,7 @@ CVE-2018-16873 [cmd/go: remote command execution during "go get -u"]
NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
TODO: check other versions
-CVE-2018-16872 [usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP)]
- RESERVED
+CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code ...)
- qemu <unfixed> (bug #916397)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
@@ -15717,12 +15717,12 @@ CVE-2018-15778
RESERVED
CVE-2018-15777
RESERVED
-CVE-2018-15776
- RESERVED
+CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...)
+ TODO: check
CVE-2018-15775
RESERVED
-CVE-2018-15774
- RESERVED
+CVE-2018-15774 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 ...)
+ TODO: check
CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 ...)
NOT-FOR-US: Dell
CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for ...)
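Review bot: the two iDRAC7/iDRAC8 entries (CVE-2018-15776, CVE-2018-15774) are left at `TODO: check` while the adjacent CVE-2018-15773 is already resolved as `NOT-FOR-US: Dell`. If the check confirms that the iDRAC firmware is not shipped in Debian, give both the same `NOT-FOR-US: Dell` line so the vendor block stays consistent.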
@@ -15763,8 +15763,8 @@ CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, .
NOTE: https://pivotal.io/security/cve-2018-15756
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
NOT-FOR-US: Cloud Foundry
-CVE-2018-15754
- RESERVED
+CVE-2018-15754 (Cloud Foundry UAA, all versions in v60.x, v61.x, v62.x, v63.x, and ...)
+ TODO: check
CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
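Review bot: CVE-2018-15754 (Cloud Foundry UAA) is added with `TODO: check`, but the preceding CVE-2018-15755 for another Cloud Foundry component is already marked `NOT-FOR-US: Cloud Foundry`. Once it is confirmed that UAA has no Debian source package, resolve this entry the same way rather than leaving the TODO open.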
@@ -18546,8 +18546,7 @@ CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions .
NOTE: https://pagure.io/389-ds-base/c/8ff8cb850 (master)
NOTE: https://pagure.io/389-ds-base/c/c5e78249d (389-ds-base-1.3.8)
NOTE: https://pagure.io/389-ds-base/c/9f28620d2 (389-ds-base-1.3.7)
-CVE-2018-14623
- RESERVED
+CVE-2018-14623 (A SQL injection flaw was found in katello's errata-related API. An ...)
NOT-FOR-US: Katello
CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc before ...)
{DLA-1487-1}
@@ -24924,8 +24923,8 @@ CVE-2018-12208
RESERVED
CVE-2018-12207
RESERVED
-CVE-2018-12206
- RESERVED
+CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist ...)
+ TODO: check
CVE-2018-12205
RESERVED
CVE-2018-12204
@@ -39885,8 +39884,8 @@ CVE-2018-6709
RESERVED
CVE-2018-6708
RESERVED
-CVE-2018-6707
- RESERVED
+CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in the ...)
+ TODO: check
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 ...)
NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux ...)
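Review bot: the description for CVE-2018-6707 is truncated before the product name, so the `TODO: check` cannot be resolved from this line alone. The neighbouring CVE-2018-6706 and CVE-2018-6705 are McAfee Agent issues marked `NOT-FOR-US: McAfee`; read the full description and, if it names the same vendor, apply the same marking.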
@@ -44128,8 +44127,8 @@ CVE-2018-5413
RESERVED
CVE-2018-5412
RESERVED
-CVE-2018-5411
- RESERVED
+CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a stored ...)
+ TODO: check
CVE-2018-5410
RESERVED
CVE-2018-5409
@@ -48800,10 +48799,10 @@ CVE-2018-3707
RESERVED
CVE-2018-3706
RESERVED
-CVE-2018-3705
- RESERVED
-CVE-2018-3704
- RESERVED
+CVE-2018-3705 (Improper directory permissions in the installer for the Intel System ...)
+ TODO: check
+CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
+ TODO: check
CVE-2018-3703
RESERVED
CVE-2018-3702
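Review bot: CVE-2018-3705 and CVE-2018-3704 are both installer directory-permission issues left at `TODO: check`, and both descriptions are cut off inside the product name ("Intel System ...", "Intel Parallel ..."). Triage them from the full CVE text, and use the same resolution as the other Intel installer entries touched by this commit (CVE-2018-18097, CVE-2018-18093) so they do not diverge.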
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df0f2b78a113ff18affa4ebc95b3a82168e74f7b