[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Dec 18 08:10:20 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6224e92 by security tracker role at 2018-12-18T08:10:11Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of ...)
+	TODO: check
+CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of ...)
+	TODO: check
+CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the ...)
+	TODO: check
+CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ...)
+	TODO: check
+CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of ...)
+	TODO: check
+CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the ...)
+	TODO: check
+CVE-2018-20193
+	RESERVED
+CVE-2018-20192
+	RESERVED
+CVE-2018-20191
+	RESERVED
+CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
+	TODO: check
+CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has ...)
+	TODO: check
 CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2018-20187
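Review bot: CVE-2018-20190 and CVE-2018-20189, at the end of the added block, already name their software in the visible description (LibSass 3.5.5, and GraphicsMagick 1.3.31 with coders/dib.c). They can be triaged straight to a package line or NOT-FOR-US rather than staying at `TODO: check`. The six ifilter_bank, ic_predict and "third instance of the ..." descriptions are cut off before any product name, so they need the full CVE text before a source package can be assigned.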
@@ -8061,6 +8083,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code .
 CVE-2018-19498
 	RESERVED
 CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c ...)
+	{DLA-1610-1}
 	- sleuthkit <unfixed> (low; bug #914796)
 	[stretch] - sleuthkit <no-dsa> (Minor issue)
 	NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
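Review bot: With `{DLA-1610-1}` added under CVE-2018-19497, the entry records an LTS advisory while the unstable line still reads `- sleuthkit <unfixed> (low; bug #914796)` and stretch stays at `<no-dsa> (Minor issue)`. It is worth confirming that the fix from the pull request in the NOTE is being followed up under bug #914796, so that unstable does not lag behind the suite covered by the DLA.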
@@ -28064,7 +28087,7 @@ CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansi
 	NOTE: https://issues.apache.org/jira/projects/TIKA/issues/TIKA-2727
 	NOTE: https://github.com/apache/tika/commit/86d4ba1e
 CVE-2018-11795
-	RESERVED
+	REJECTED
 CVE-2018-11794
 	RESERVED
 CVE-2018-11793
@@ -28174,6 +28197,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured
 CVE-2018-11760
 	RESERVED
 CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the ...)
+	{DLA-1609-1}
 	- libapache-mod-jk 1:1.2.46-1
 	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
 	NOTE: https://www.immunit.ch/blog/2018/11/01/cve-2018-11759-apache-mod_jk-access-bypass/
@@ -38474,8 +38498,8 @@ CVE-2018-7835
 	RESERVED
 CVE-2018-7834
 	RESERVED
-CVE-2018-7833
-	RESERVED
+CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+	TODO: check
 CVE-2018-7832
 	RESERVED
 CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ...)
@@ -38516,8 +38540,8 @@ CVE-2018-7814
 	RESERVED
 CVE-2018-7813
 	RESERVED
-CVE-2018-7812
-	RESERVED
+CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability exists in ...)
+	TODO: check
 CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
 	NOT-FOR-US: Modicon (Schneider Electric)
 CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation ...)
@@ -38532,8 +38556,8 @@ CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from it
 	NOT-FOR-US: Data Center Operation
 CVE-2018-7805
 	RESERVED
-CVE-2018-7804
-	RESERVED
+CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the ...)
+	TODO: check
 CVE-2018-7803
 	RESERVED
 CVE-2018-7802
@@ -38546,8 +38570,8 @@ CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Softwa
 	NOT-FOR-US: Schneider Electric
 CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
 	NOT-FOR-US: Schneider
-CVE-2018-7797
-	RESERVED
+CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring Expert, ...)
+	TODO: check
 CVE-2018-7796
 	RESERVED
 CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider ...)
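Review bot: CVE-2018-7797 moves to `TODO: check` directly below two entries already marked NOT-FOR-US, and those two use different labels for what looks like the same vendor (`NOT-FOR-US: Schneider Electric` for CVE-2018-7799, `NOT-FOR-US: Schneider` for CVE-2018-7798). When CVE-2018-7797 (Power Monitoring Expert) is triaged, pick one label and align the neighbours, so that a search on the NOT-FOR-US string finds all of them.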



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6224e92fc58ad82d08947d55595d3a6d2ebbb4e
