[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 29 09:10:29 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3112d01 by security tracker role at 2018-05-29T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because ...)
+	TODO: check
+CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access ...)
+	TODO: check
+CVE-2018-11534
+	RESERVED
+CVE-2018-11533
+	RESERVED
+CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics plugin ...)
+	TODO: check
+CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...)
+	TODO: check
+CVE-2018-11530
+	RESERVED
+CVE-2018-11529
+	RESERVED
+CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
+	TODO: check
+CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery ...)
+	TODO: check
+CVE-2018-11526
+	RESERVED
+CVE-2018-11525
+	RESERVED
+CVE-2018-11524
+	RESERVED
+CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such ...)
+	TODO: check
+CVE-2018-11522
+	RESERVED
+CVE-2018-11521
+	RESERVED
+CVE-2018-11520
+	RESERVED
+CVE-2018-11519
+	RESERVED
+CVE-2018-11518
+	RESERVED
 CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in ...)
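Review bot: The seven added entries that carry a description (CVE-2018-11536, -11535, -11532, -11531, -11528, -11527, -11523) all stop at `TODO: check`, so none of them says yet whether a Debian package is affected. Each should be resolved to either a `NOT-FOR-US:` line, as the context entry for CVE-2018-11517 has, or a package status line. The entries naming md4c and Exiv2 0.26 are described as heap-based buffer overflows and are the ones I would triage first.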
@@ -76,8 +114,8 @@ CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibl
 	NOTE: https://github.com/pts/sam2p/issues/37
 	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
 	TODO: check
-CVE-2018-11488
-	RESERVED
+CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSearch ...)
+	TODO: check
 CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the ...)
 	NOT-FOR-US: PHPMyWind
 CVE-2018-11486
@@ -394,6 +432,7 @@ CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.
 CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based ...)
 	NOT-FOR-US: PDFGen
 CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS ...)
+	{DLA-1388-1}
 	- wireshark <unfixed>
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
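Review bot: `{DLA-1388-1}` is attached to CVE-2018-11362 while the only status line in view is `- wireshark <unfixed>`, and this commit touches only data/CVE/list, so the release and fixed version behind the advisory cannot be checked from this diff. Please confirm that the advisory's own record names the fixed version for the release it covers. The same applies to CVE-2018-11358 in the next hunk.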
@@ -421,6 +460,7 @@ CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
 CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 ...)
+	{DLA-1388-1}
 	- wireshark <unfixed>
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
@@ -5423,6 +5463,7 @@ CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
 CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)
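Review bot: On CVE-2018-9270 the new `{DLA-1388-1}` line sits directly above `[stretch] - wireshark <no-dsa> (Minor issue)` and `[jessie] - wireshark <no-dsa> (Minor issue)`, and nothing in the hunk says which release the advisory was issued for. If it was issued for either of those releases, the matching no-dsa line is now stale and should be dropped in a follow-up; if it was issued for a different release, no change is needed. The following hunks tagging CVE-2018-9269, -9268, -9263, -9260 and -9258 have the same layout.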
@@ -5430,6 +5471,7 @@ CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has 
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
 CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5437,6 +5479,7 @@ CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
 CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5475,6 +5518,7 @@ CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissecto
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
 CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)
@@ -5490,11 +5534,13 @@ CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissect
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f05c3b91f9571210b86576ee6284e71a3306109d
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-19.html
 CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
 CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)
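Review bot: CVE-2018-9261 is the one CVE-2018-92xx entry tagged here whose package line has no urgency and no release lines: it reads `- wireshark 2.4.6-1`, where CVE-2018-9260 just below has `(low)` plus `[stretch]` and `[jessie]` no-dsa lines. Worth checking whether stretch and jessie were triaged for the NBAP dissector issue or simply missed.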
@@ -5510,6 +5556,7 @@ CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissecto
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
 CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was ...)
+	{DLA-1388-1}
 	- wireshark 2.4.6-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
 	[jessie] - wireshark <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3112d0140968c725dcebafb02b0670ca225a7cc
