[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Nov 5 08:10:29 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8ea0d18 by security tracker role at 2018-11-05T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,34 @@
-CVE-2018-18928 [integer-overflow in icu_63::number::impl::DecimalQuantity::toScientificString()]
+CVE-2018-18943
+	RESERVED
+CVE-2018-18942
+	RESERVED
+CVE-2018-18941
+	RESERVED
+CVE-2018-18940
+	RESERVED
+CVE-2018-18939
+	RESERVED
+CVE-2018-18938
+	RESERVED
+CVE-2018-18937
+	RESERVED
+CVE-2018-18936
+	RESERVED
+CVE-2018-18935
+	RESERVED
+CVE-2018-18934
+	RESERVED
+CVE-2018-18933
+	RESERVED
+CVE-2018-18932
+	RESERVED
+CVE-2018-18931
+	RESERVED
+CVE-2018-18930
+	RESERVED
+CVE-2018-18929
+	RESERVED
+CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an ...)
 	- icu <unfixed>
 	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059
 	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
@@ -231,6 +261,7 @@ CVE-2018-18821
 	RESERVED
 CVE-2018-18820 [buffer overflow in url-auth]
 	RESERVED
+	{DSA-4333-1}
 	- icecast2 2.4.4-1 (bug #912611)
 	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
 	NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
@@ -32306,6 +32337,7 @@ CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...)
 	NOT-FOR-US: CA API Developer Portal
 CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...)
+	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1
 	[jessie] - mupdf <not-affected> (vulnerable code not present)
 	[wheezy] - mupdf <not-affected> (vulnerable code not present)
@@ -32334,6 +32366,7 @@ CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in functi
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
 CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...)
+	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1
 	[jessie] - mupdf <not-affected> (vulnerable code not present)
 	[wheezy] - mupdf <not-affected> (vulnerable code not present)
@@ -33562,6 +33595,7 @@ CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in ...)
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
 	NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
+	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1 (bug #888487)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
@@ -33607,6 +33641,7 @@ CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before
 	[wheezy] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
 	NOTE: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
 CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...)
+	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1 (bug #888464)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
@@ -35562,6 +35597,7 @@ CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHe
 CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ...)
 	NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
+	{DSA-4334-1}
 	- mupdf 1.13.0+ds1-1 (bug #887130)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)
@@ -41339,6 +41375,7 @@ CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public R
 CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users ...)
 	NOT-FOR-US: Inteno iopsys
 CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
+	{DSA-4334-1}
 	- mupdf 1.12.0+ds1-1 (bug #885120)
 	[jessie] - mupdf <no-dsa> (Minor issue)
 	[wheezy] - mupdf <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ea0d1888ff58b3629465aaf3b06e9204fa0f88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ea0d1888ff58b3629465aaf3b06e9204fa0f88
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181105/c3888dc5/attachment.html>

More information about the debian-security-tracker-commits mailing list