[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 31 21:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54a447f9 by security tracker role at 2018-05-31T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,89 @@
+CVE-2018-11628
+	RESERVED
+CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
+	TODO: check
+CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
+	TODO: check
+CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
+	TODO: check
+CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
+	TODO: check
+CVE-2018-11623
+	RESERVED
+CVE-2018-11622
+	RESERVED
+CVE-2018-11621
+	RESERVED
+CVE-2018-11620
+	RESERVED
+CVE-2018-11619
+	RESERVED
+CVE-2018-11618
+	RESERVED
+CVE-2018-11617
+	RESERVED
+CVE-2018-11616
+	RESERVED
+CVE-2018-11615
+	RESERVED
+CVE-2018-11614
+	RESERVED
+CVE-2018-11613
+	RESERVED
+CVE-2018-11612
+	RESERVED
+CVE-2018-11611
+	RESERVED
+CVE-2018-11610
+	RESERVED
+CVE-2018-11609
+	RESERVED
+CVE-2018-11608
+	RESERVED
+CVE-2018-11607
+	RESERVED
+CVE-2018-11606
+	RESERVED
+CVE-2018-11605
+	RESERVED
+CVE-2018-11604
+	RESERVED
+CVE-2018-11603
+	RESERVED
+CVE-2018-11602
+	RESERVED
+CVE-2018-11601
+	RESERVED
+CVE-2018-11600
+	RESERVED
+CVE-2018-11599
+	RESERVED
+CVE-2018-11598 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11597 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11596 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11595 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11594 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11593 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11592 (Espruino before 1.98 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of service ...)
+	TODO: check
+CVE-2018-11589
+	RESERVED
+CVE-2018-11588
+	RESERVED
+CVE-2018-11587
+	RESERVED
+CVE-2018-11586
+	RESERVED
 CVE-2018-11585
 	RESERVED
 CVE-2018-11584
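Review bot: of the new TODO: check entries at the top of this hunk, CVE-2018-11627 (Sinatra) and CVE-2018-11625 / CVE-2018-11624 (ImageMagick) name software that Debian packages, so they need a package line with a status, not a NOT-FOR-US. They should be picked up ahead of the rest. The nine Espruino entries (CVE-2018-11590 to CVE-2018-11598) have near-identical truncated descriptions and can be triaged as one batch, but note that CVE-2018-11592 and CVE-2018-11591 say "before 1.98" while the others say "before 1.99".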
@@ -978,8 +1064,8 @@ CVE-2018-11222
 	RESERVED
 CVE-2018-11221
 	RESERVED
-CVE-2018-11220
-	RESERVED
+CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
+	TODO: check
 CVE-2018-11219
 	RESERVED
 CVE-2018-11218
@@ -1157,28 +1243,28 @@ CVE-2018-11144
 	RESERVED
 CVE-2018-11143
 	RESERVED
-CVE-2018-11142
-	RESERVED
-CVE-2018-11141
-	RESERVED
-CVE-2018-11140
-	RESERVED
-CVE-2018-11139
-	RESERVED
-CVE-2018-11138
-	RESERVED
-CVE-2018-11137
-	RESERVED
-CVE-2018-11136
-	RESERVED
-CVE-2018-11135
-	RESERVED
-CVE-2018-11134
-	RESERVED
-CVE-2018-11133
-	RESERVED
-CVE-2018-11132
-	RESERVED
+CVE-2018-11142 (The 'systemui/settings_network.php' and ...)
+	TODO: check
+CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the ...)
+	TODO: check
+CVE-2018-11140 (The 'reportID' parameter received by the '/common/run_report.php' ...)
+	TODO: check
+CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the Quest KACE ...)
+	TODO: check
+CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest KACE ...)
+	TODO: check
+CVE-2018-11137 (The 'checksum' parameter of the '/common/download_attachment.php' ...)
+	TODO: check
+CVE-2018-11136 (The 'orgID' parameter received by the ...)
+	TODO: check
+CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE System ...)
+	TODO: check
+CVE-2018-11134 (In order to perform actions that requires higher privileges, the Quest ...)
+	TODO: check
+CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php' script in the ...)
+	TODO: check
+CVE-2018-11132 (In order to perform actions that require higher privileges, the Quest ...)
+	TODO: check
 CVE-2018-11131
 	RESERVED
 CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools ...)
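Review bot: CVE-2018-11134 and CVE-2018-11132 come in with descriptions that match up to the truncation point except for "requires" versus "require", so this file alone cannot tell them apart. When the TODO: check is resolved, confirm against the full descriptions that they are distinct issues. Several of the eleven entries in this run (for example CVE-2018-11142 and CVE-2018-11136) are truncated before any product name, so they should be resolved together with the ones that do name Quest KACE so the whole run gets a consistent annotation.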
@@ -1397,8 +1483,8 @@ CVE-2018-11038
 CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in ...)
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/307
-CVE-2018-11036
-	RESERVED
+CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, ...)
+	TODO: check
 CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
@@ -5418,30 +5504,30 @@ CVE-2018-9324
 	REJECTED
 CVE-2018-9323
 	REJECTED
-CVE-2018-9322
-	RESERVED
+CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
+	TODO: check
 CVE-2018-9321
 	REJECTED
-CVE-2018-9320
-	RESERVED
+CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
+	TODO: check
 CVE-2018-9319
 	REJECTED
-CVE-2018-9318
-	RESERVED
+CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
+	TODO: check
 CVE-2018-9317
 	REJECTED
 CVE-2018-9316
 	REJECTED
 CVE-2018-9315
 	REJECTED
-CVE-2018-9314
-	RESERVED
-CVE-2018-9313
-	RESERVED
-CVE-2018-9312
-	RESERVED
-CVE-2018-9311
-	RESERVED
+CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
+	TODO: check
+CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
+	TODO: check
+CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
+	TODO: check
+CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
+	TODO: check
 CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
 	NOT-FOR-US: Flaw in the OpenFlow protocol
 CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...)
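Review bot: the seven entries moved from RESERVED to TODO: check here fall into two groups with identical truncated text: the Head Unit HU_NBT entries (CVE-2018-9322, CVE-2018-9320, CVE-2018-9314, CVE-2018-9313, CVE-2018-9312) and the Telematics Control Unit entries (CVE-2018-9318, CVE-2018-9311). They describe BMW vehicle components, so one triage decision should cover each group. Annotating them in one pass keeps the block from ending up with mixed annotations between the surrounding REJECTED ids.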
@@ -6034,7 +6120,8 @@ CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt functi
 	{DLA-1386-1}
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/133
-CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows code ...)
+CVE-2018-9131
+	REJECTED
 	NOT-FOR-US: Reaper
 CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
 	NOT-FOR-US: IBOS
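Review bot: CVE-2018-9131 is switched to REJECTED, but the existing "NOT-FOR-US: Reaper" line is left in place under it, so the entry now carries a rejection and a triage annotation together. The change also removes the description ("Reaper 5.78 suffers from a local buffer overflow ..."), which leaves that NOT-FOR-US line as the only hint of what the id referred to. Decide whether the annotation should stay on a rejected id or be dropped so the entry matches the other REJECTED entries in this file.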
@@ -16834,8 +16921,7 @@ CVE-2018-5390
 	RESERVED
 CVE-2018-5389
 	RESERVED
-CVE-2018-5388 [buffer underflow in charon IKE daemon]
-	RESERVED
+CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
 	- strongswan <unfixed>
 	[stretch] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
 	[jessie] - strongswan <no-dsa> (needs root priv for access to the stroke socket)
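Review bot: the new description for CVE-2018-5388 says the issue is in strongSwan "before 5.6.3", while the package line below it still reads "- strongswan <unfixed>". That line should get a fixed version once 5.6.3 or a backported patch reaches unstable. The hunk also drops the bracketed local summary "[buffer underflow in charon IKE daemon]", and the entry has no NOTE pointing at the upstream fix, so adding a NOTE with the upstream reference would keep that context next to the <no-dsa> reasoning.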
@@ -28726,35 +28812,35 @@ CVE-2018-1127
 	RESERVED
 	NOT-FOR-US: tendrl-api
 CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...)
-	{DSA-4208-1}
+	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
 CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer ...)
-	{DSA-4208-1}
+	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
 CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer ...)
-	{DSA-4208-1}
+	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
 CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service ...)
-	{DSA-4208-1}
+	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
 	NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
 	NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
 CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege ...)
-	{DSA-4208-1}
+	{DSA-4208-1 DLA-1390-1}
 	- procps 2:3.3.15-1 (bug #899170)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
 	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
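Review bot: the cross-reference on CVE-2018-1126 through CVE-2018-1122 changes from {DSA-4208-1} to {DSA-4208-1 DLA-1390-1} and nothing else in those entries changes, so the diff itself gives no evidence of which ids the DLA covers. Check the DLA-1390-1 advisory entry to confirm it lists exactly these five procps ids, and that no other procps id from the same Qualys report outside this hunk was missed.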



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/54a447f9f4bce189fc702e0257c5b434c8788590
