[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 26 09:10:23 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d53dd174 by security tracker role at 2018-05-26T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-11482
+	RESERVED
+CVE-2018-11481
+	RESERVED
 CVE-2018-11480
 	RESERVED
 CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for ...)
@@ -1320,7 +1324,7 @@ CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppl
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
 	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
 CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not ...)
-	{DLA-1384-1}
+	{DSA-4211-1 DLA-1384-1}
 	- xdg-utils 1.1.3-1 (bug #898317)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
 	NOTE: Upstream bug discussed possible other approach to fix the issue.
@@ -5720,6 +5724,7 @@ CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLab
 	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a
 	NOTE: IM7: https://github.com/ImageMagick/ImageMagick/commit/19b96ba61431914e2ac316b72c0789965f2b7c09
 CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
+	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/133
 CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows code ...)
@@ -6020,6 +6025,7 @@ CVE-2018-9011
 CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...)
 	NOT-FOR-US: Intelbras
 CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...)
+	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/131
 CVE-2018-9008
@@ -8779,6 +8785,7 @@ CVE-2018-7877 (There is a heap-based buffer overflow in the getString function o
 	[wheezy] - ming 1:0.4.4-1.1+deb7u8
 	NOTE: https://github.com/libming/libming/issues/110
 CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the ...)
+	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/109
 CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ...)
@@ -8790,6 +8797,7 @@ CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext
 	[wheezy] - ming 1:0.4.4-1.1+deb7u8
 	NOTE: https://github.com/libming/libming/issues/115
 CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of ...)
+	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/111
 CVE-2018-7872 (An invalid memory address dereference was discovered in the function ...)
@@ -8817,6 +8825,7 @@ CVE-2018-7867 (There is a heap-based buffer overflow in the getString function o
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/116
 CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
+	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/118
 CVE-2018-7865
@@ -10154,7 +10163,7 @@ CVE-2018-7451
 	RESERVED
 CVE-2018-7450
 	RESERVED
-CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attackers to ...)
+CVE-2018-7449 (Free SEGGER embOS/IP FTP Server Utility 3.22 (not to be mistaken with the embOS/IP FTP Server add-on that is used by the utility) allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. ...)
 	NOT-FOR-US: SEGGER embOS/IP FTP Server
 CVE-2018-7448 (Remote code execution vulnerability in ...)
 	NOT-FOR-US: CMS Made Simple



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d53dd1748404649fbd7fef61a105c90d0e41c9eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d53dd1748404649fbd7fef61a105c90d0e41c9eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180526/20fb7faf/attachment.html>

More information about the debian-security-tracker-commits mailing list