[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Dec 27 08:10:26 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6907716c by security tracker role at 2018-12-27T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,52 @@
+CVE-2018-20507
+	RESERVED
+CVE-2018-20506
+	RESERVED
+CVE-2018-20505
+	RESERVED
+CVE-2018-20504
+	RESERVED
+CVE-2018-20503
+	RESERVED
+CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ...)
+	TODO: check
+CVE-2018-20501
+	RESERVED
+CVE-2018-20500
+	RESERVED
+CVE-2018-20499
+	RESERVED
+CVE-2018-20498
+	RESERVED
+CVE-2018-20497
+	RESERVED
+CVE-2018-20496
+	RESERVED
+CVE-2018-20495
+	RESERVED
+CVE-2018-20494
+	RESERVED
+CVE-2018-20493
+	RESERVED
+CVE-2018-20492
+	RESERVED
+CVE-2018-20491
+	RESERVED
+CVE-2018-20490
+	RESERVED
+CVE-2018-20489
+	RESERVED
+CVE-2018-20488
+	RESERVED
+CVE-2018-20487
+	RESERVED
 CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
 	NOT-FOR-US: MetInfo
 CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
-CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget through 1.20 stores a file's ...)
+CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...)
 	- wget <unfixed> (bug #917375)
 	[stretch] - wget <not-affected> (Vulnerable code introduced in 1.19)
 	[jessie] - wget <not-affected> (Vulnerable code introduced in 1.19)
@@ -211,8 +253,8 @@ CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow
 	NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
 CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated admin/news/ ...)
 	NOT-FOR-US: BigTree CMS
-CVE-2018-20404
-	RESERVED
+CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system ...)
+	TODO: check
 CVE-2018-20403
 	RESERVED
 CVE-2018-20402 (Safe Software FME Server through 2018.1 creates and enables three ...)
@@ -837,8 +879,7 @@ CVE-2018-20219
 	RESERVED
 CVE-2018-20218
 	RESERVED
-CVE-2018-20217 [Ignore password attributes for S4U2Self requests]
-	RESERVED
+CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
 	- krb5 <unfixed> (bug #917387)
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
 	NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
@@ -5421,8 +5462,7 @@ CVE-2018-19875
 	RESERVED
 CVE-2018-19874
 	RESERVED
-CVE-2018-19873 [QBmpHandler segfault on malformed BMP file]
-	RESERVED
+CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2
 	[jessie] - qtbase-opensource-src <ignored> (Minor issue)
@@ -5432,8 +5472,7 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP file]
 	NOTE: https://codereview.qt-project.org/#/c/238749/
 CVE-2018-19872
 	RESERVED
-CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
-	RESERVED
+CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile ...)
 	- qtimageformats-opensource-src 5.11.3-2 (low)
 	[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 	[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
@@ -5443,8 +5482,7 @@ CVE-2018-19871 [QImage: QTgaFile CPU exhaustion]
 	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
 	NOTE: https://codereview.qt-project.org/#/c/237761/
 	NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
-CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
-	RESERVED
+CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image ...)
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
 	[stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
@@ -5456,8 +5494,7 @@ CVE-2018-19870 [Check for QImage allocation failure in qgifhandler]
 	NOTE: https://codereview.qt-project.org/#/c/235998/
 	NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
 	NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
-CVE-2018-19869 [Fix crash when parsing malformed url reference]
-	RESERVED
+CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image ...)
 	[experimental] - qtsvg-opensource-src 5.11.3-1
 	- qtsvg-opensource-src 5.11.3-2 (low)
 	[stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -5647,8 +5684,8 @@ CVE-2018-19801
 	RESERVED
 CVE-2018-19800
 	RESERVED
-CVE-2018-19799
-	RESERVED
+CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= ...)
+	TODO: check
 CVE-2018-19798
 	RESERVED
 CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
@@ -6140,10 +6177,10 @@ CVE-2018-19618
 	RESERVED
 CVE-2018-19617
 	RESERVED
-CVE-2018-19616
-	RESERVED
-CVE-2018-19615
-	RESERVED
+CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley ...)
+	TODO: check
+CVE-2018-19615 (An issue was discovered in Rockwell Automation Allen-Bradley ...)
+	TODO: check
 CVE-2018-19614
 	RESERVED
 CVE-2018-19613
@@ -10183,8 +10220,8 @@ CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attack
 	NOT-FOR-US: Go Ethereum
 CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service ...)
 	NOT-FOR-US: ethereumjs-vm
-CVE-2018-19182
-	RESERVED
+CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...)
+	TODO: check
 CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows ...)
 	NOT-FOR-US: YUNUCMS
 CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if ...)
@@ -11736,12 +11773,12 @@ CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. T
 	NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e
 CVE-2018-18538
 	RESERVED
-CVE-2018-18537
-	RESERVED
-CVE-2018-18536
-	RESERVED
-CVE-2018-18535
-	RESERVED
+CVE-2018-18537 (The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier ...)
+	TODO: check
+CVE-2018-18536 (The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 ...)
+	TODO: check
+CVE-2018-18535 (The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier ...)
+	TODO: check
 CVE-2018-18534
 	RESERVED
 CVE-2018-18533
@@ -13283,8 +13320,8 @@ CVE-2018-17989
 	RESERVED
 CVE-2018-17988
 	RESERVED
-CVE-2018-17987
-	RESERVED
+CVE-2018-17987 (The determineWinner function of a smart contract implementation for ...)
+	TODO: check
 CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
 	NOT-FOR-US: razorCMS
 CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
@@ -19567,8 +19604,7 @@ CVE-2018-15520
 	RESERVED
 CVE-2018-15519
 	RESERVED
-CVE-2018-15518 [Qt Base: "double free or corruption" in QXmlStreamReader]
-	RESERVED
+CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ...)
 	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
 	- qtbase-opensource-src 5.11.3+dfsg-2
 	[jessie] - qtbase-opensource-src <ignored> (Minor issue)
@@ -29251,10 +29287,10 @@ CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initiali
 	[jessie] - mruby <no-dsa> (Minor issue)
 	NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
 	NOTE: https://github.com/mruby/mruby/issues/4027
-CVE-2018-11742
-	RESERVED
-CVE-2018-11741
-	RESERVED
+CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password ...)
+	TODO: check
+CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ...)
+	TODO: check
 CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from ...)
 	- sleuthkit <unfixed> (low; bug #902187)
 	[stretch] - sleuthkit <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6907716ce60968bf824c62ae7b869a47b4c94931

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6907716ce60968bf824c62ae7b869a47b4c94931
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181227/30a42d0f/attachment.html>

More information about the debian-security-tracker-commits mailing list