[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 6 20:10:54 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09c15896 by security tracker role at 2018-11-06T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2018-19048
+ RESERVED
+CVE-2018-19047
+ RESERVED
+CVE-2018-19046
+ RESERVED
+CVE-2018-19045
+ RESERVED
+CVE-2018-19044
+ RESERVED
+CVE-2018-19043
+ RESERVED
+CVE-2018-19042
+ RESERVED
+CVE-2018-19041
+ RESERVED
+CVE-2018-19040
+ RESERVED
+CVE-2018-19039
+ RESERVED
+CVE-2018-19038
+ RESERVED
+CVE-2018-19037
+ RESERVED
+CVE-2018-19036
+ RESERVED
+CVE-2018-19035
+ RESERVED
+CVE-2018-19034
+ RESERVED
+CVE-2018-19033
+ RESERVED
+CVE-2018-19032
+ RESERVED
+CVE-2018-19031
+ RESERVED
+CVE-2018-19030
+ RESERVED
+CVE-2018-19029
+ RESERVED
+CVE-2018-19028
+ RESERVED
+CVE-2018-19027
+ RESERVED
+CVE-2018-19026
+ RESERVED
+CVE-2018-19025
+ RESERVED
+CVE-2018-19024
+ RESERVED
+CVE-2018-19023
+ RESERVED
+CVE-2018-19022
+ RESERVED
+CVE-2018-19021
+ RESERVED
+CVE-2018-19020
+ RESERVED
+CVE-2018-19019
+ RESERVED
+CVE-2018-19018
+ RESERVED
+CVE-2018-19017
+ RESERVED
+CVE-2018-19016
+ RESERVED
+CVE-2018-19015
+ RESERVED
+CVE-2018-19014
+ RESERVED
+CVE-2018-19013
+ RESERVED
+CVE-2018-19012
+ RESERVED
+CVE-2018-19011
+ RESERVED
+CVE-2018-19010
+ RESERVED
+CVE-2018-19009
+ RESERVED
+CVE-2018-19008
+ RESERVED
+CVE-2018-19007
+ RESERVED
+CVE-2018-19006
+ RESERVED
+CVE-2018-19005
+ RESERVED
+CVE-2018-19004
+ RESERVED
+CVE-2018-19003
+ RESERVED
+CVE-2018-19002
+ RESERVED
+CVE-2018-19001
+ RESERVED
+CVE-2018-19000
+ RESERVED
+CVE-2018-18999
+ RESERVED
+CVE-2018-18998
+ RESERVED
+CVE-2018-18997
+ RESERVED
+CVE-2018-18996
+ RESERVED
+CVE-2018-18995
+ RESERVED
+CVE-2018-18994
+ RESERVED
+CVE-2018-18993
+ RESERVED
+CVE-2018-18992
+ RESERVED
+CVE-2018-18991
+ RESERVED
+CVE-2018-18990
+ RESERVED
+CVE-2018-18989
+ RESERVED
+CVE-2018-18988
+ RESERVED
+CVE-2018-18987
+ RESERVED
+CVE-2018-18986
+ RESERVED
+CVE-2018-18985
+ RESERVED
+CVE-2018-18984
+ RESERVED
+CVE-2018-18983
+ RESERVED
+CVE-2018-18982
+ RESERVED
+CVE-2018-18981
+ RESERVED
+CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...)
+ TODO: check
CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho ...)
NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager
CVE-2018-18979
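Review bot: CVE-2014-10077, the last added entry in this hunk, is left at TODO: check although its description already names the component (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0). Resolve it with a package line carrying the fixed version, or with NOT-FOR-US if no Debian source package ships that gem, so it does not sit untriaged below the 68 new RESERVED placeholders.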
@@ -3666,6 +3804,7 @@ CVE-2018-17473
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17472
RESERVED
+ {DSA-4330-1}
- chromium-browser 70.0.3538.67-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-17471
@@ -4371,8 +4510,8 @@ CVE-2018-17186
RESERVED
CVE-2018-17185
RESERVED
-CVE-2018-17184
- RESERVED
+CVE-2018-17184 (A malicious user with enough administration entitlements can inject ...)
+ TODO: check
CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.18.10-1
@@ -4849,8 +4988,8 @@ CVE-2018-16988
RESERVED
CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...)
NOT-FOR-US: Squash TM
-CVE-2018-16986
- RESERVED
+CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 ...)
+ TODO: check
CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...)
NOT-FOR-US: Lizard
CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which ...)
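Review bot: CVE-2018-16986 goes from RESERVED to TODO: check with a description that names Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650. If no Debian source package carries that stack, close it out as NOT-FOR-US with the product name, in the same form as the Squash TM and Lizard entries on either side of it.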
@@ -5160,7 +5299,7 @@ CVE-2018-16843
- nginx <unfixed>
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based ...)
- {DSA-4331-1}
+ {DSA-4331-1 DLA-1568-1}
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
@@ -5174,7 +5313,7 @@ CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.
NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
- {DSA-4331-1}
+ {DSA-4331-1 DLA-1568-1}
- curl 7.62.0-1
NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
@@ -6101,14 +6240,14 @@ CVE-2018-16477
RESERVED
CVE-2018-16476
RESERVED
-CVE-2018-16475
- RESERVED
-CVE-2018-16474
- RESERVED
-CVE-2018-16473
- RESERVED
-CVE-2018-16472
- RESERVED
+CVE-2018-16475 (A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to ...)
+ TODO: check
+CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows an ...)
+ TODO: check
+CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an ...)
+ TODO: check
+CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0.1 ...)
+ TODO: check
CVE-2018-16471 [Possible XSS vulnerability in Rack]
RESERVED
- ruby-rack <unfixed> (bug #913005)
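Review bot: CVE-2018-16475 through CVE-2018-16472 all land as TODO: check, and each description names a distinct module (Knightjs, tianma-static, takeapeek, cached-path-relative) with an upper version bound. Triage them individually: a module that is packaged needs a package line checked against the stated bound (for example <=1.0.1 for cached-path-relative), and the rest need NOT-FOR-US with the module name.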
@@ -24116,8 +24255,7 @@ CVE-2018-9517
[jessie] - linux 3.16.51-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f026bc29a8e093edfbb2a77700454b285c97e8ad
NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
-CVE-2018-9516
- RESERVED
+CVE-2018-9516 (In hid_debug_events_read of drivers/hid/hid-debug.c, there is a ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.6-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=717adfdaf14704fd3ec7fa2c04520c0723247eac
@@ -24174,10 +24312,9 @@ CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a pos
NOT-FOR-US: Android
CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...)
NOT-FOR-US: Android
-CVE-2018-9489
- RESERVED
-CVE-2018-9488
- RESERVED
+CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast of ...)
+ TODO: check
+CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions ...)
NOT-FOR-US: Android
CVE-2018-9487
RESERVED
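Review bot: CVE-2018-9489 is the only entry in this hunk left at TODO: check, while CVE-2018-9488 directly below keeps NOT-FOR-US: Android. The new description (sendNetworkStateChangeBroadcast when wifi is switched) reads like the Android entries around it; once that is confirmed, tag it the same way so the pair is consistent.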
@@ -24242,8 +24379,7 @@ CVE-2018-9467
CVE-2018-9466
RESERVED
NOT-FOR-US: Android
-CVE-2018-9465
- RESERVED
+CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memory ...)
- linux 4.14.12-1 (unimportant)
NOTE: Android drivers from staging not enabled in any released suite
NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
@@ -24257,49 +24393,38 @@ CVE-2018-9461
RESERVED
CVE-2018-9460
RESERVED
-CVE-2018-9459
- RESERVED
+CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of ...)
NOT-FOR-US: Android
-CVE-2018-9458
- RESERVED
+CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and related ...)
NOT-FOR-US: Android
CVE-2018-9457
RESERVED
CVE-2018-9456
RESERVED
NOT-FOR-US: Android
-CVE-2018-9455
- RESERVED
+CVE-2018-9455 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of ...)
NOT-FOR-US: Android
-CVE-2018-9454
- RESERVED
+CVE-2018-9454 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2018-9453
- RESERVED
+CVE-2018-9453 (In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
CVE-2018-9452 (In getOffsetForHorizontal of Layout.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2018-9451
- RESERVED
+CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2018-9450
- RESERVED
+CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2018-9449
RESERVED
-CVE-2018-9448
- RESERVED
+CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2018-9447
RESERVED
-CVE-2018-9446
- RESERVED
+CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible ...)
NOT-FOR-US: Android
-CVE-2018-9445
- RESERVED
+CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path traversal bug ...)
NOT-FOR-US: Android
-CVE-2018-9444
- RESERVED
+CVE-2018-9444 (In ih264d_video_decode of ih264d_api.c there is a possible resource ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9443
RESERVED
@@ -24312,14 +24437,11 @@ CVE-2018-9440
NOT-FOR-US: Android Media Framework
CVE-2018-9439
RESERVED
-CVE-2018-9438
- RESERVED
+CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive ...)
NOT-FOR-US: Android
-CVE-2018-9437
- RESERVED
+CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read due to ...)
NOT-FOR-US: Android Media Framework
-CVE-2018-9436
- RESERVED
+CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
CVE-2018-9435
RESERVED
@@ -24344,8 +24466,7 @@ CVE-2018-9429
CVE-2018-9428
RESERVED
NOT-FOR-US: Android Media Framework
-CVE-2018-9427
- RESERVED
+CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9426
RESERVED
@@ -24358,8 +24479,7 @@ CVE-2018-9424
CVE-2018-9423
RESERVED
NOT-FOR-US: Android Media Framework
-CVE-2018-9422
- RESERVED
+CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to improper ...)
{DLA-1422-1}
- linux 4.6.1-1
NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90
@@ -24381,8 +24501,7 @@ CVE-2018-9417
CVE-2018-9416
RESERVED
NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
-CVE-2018-9415
- RESERVED
+CVE-2018-9415 (In driver_override_store and driver_override_show of bus.c, there is a ...)
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -24451,8 +24570,7 @@ CVE-2018-9387
RESERVED
CVE-2018-9386
RESERVED
-CVE-2018-9385 [ARM: amba: Don't read past the end of sysfs "driver_override" buffer]
- RESERVED
+CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds ...)
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
[jessie] - linux <not-affected> (Vulnerable code not present)
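Review bot: replacing the bracketed title on CVE-2018-9385 removes the only text that tied this entry to the amba driver_override fix. The new description (driver_override_store of bus.c) and the three package lines now read almost the same as CVE-2018-9415 in the previous hunk, so a NOTE line recording the amba fix would keep the two entries distinguishable.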
@@ -24502,26 +24620,25 @@ CVE-2018-9365
NOT-FOR-US: Android
CVE-2018-9364
RESERVED
-CVE-2018-9363 [HID: Bluetooth: hidp: buffer overflow in hidp_process_report]
- RESERVED
+CVE-2018-9363 (In the hidp_process_report in bluetooth, there is an integer overflow. ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.15-1
-CVE-2018-9362
- RESERVED
-CVE-2018-9361
- RESERVED
-CVE-2018-9360
- RESERVED
-CVE-2018-9359
- RESERVED
-CVE-2018-9358
- RESERVED
-CVE-2018-9357
- RESERVED
-CVE-2018-9356
- RESERVED
-CVE-2018-9355
- RESERVED
+CVE-2018-9362 (In processMessagePart of InboundSmsHandler.java, there is a possible ...)
+ TODO: check
+CVE-2018-9361 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9360 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9359 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
+ TODO: check
+CVE-2018-9358 (In gatts_process_attribute_req of gatt_sc.cc, there is a possible read ...)
+ TODO: check
+CVE-2018-9357 (In BNEP_Write of bnep_api.cc, there is a possible out of bounds write ...)
+ TODO: check
+CVE-2018-9356 (In bnep_data_ind of bnep_main.c, there is a possible remote code ...)
+ TODO: check
+CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of ...)
+ TODO: check
CVE-2018-9354
RESERVED
CVE-2018-9353
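Review bot: CVE-2018-9362 through CVE-2018-9355 are all left at TODO: check, yet their descriptions name the same kind of files (InboundSmsHandler.java, l2c_main.cc, bnep_api.cc, bnep_main.c) as entries elsewhere in this commit that are tagged NOT-FOR-US: Android, such as bnep_data_ind of bnep_main.cc under CVE-2018-9454. Confirm and tag the eight entries together rather than leaving them open one by one.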
@@ -46450,8 +46567,8 @@ CVE-2018-1696
RESERVED
CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations ...)
NOT-FOR-US: IBM
-CVE-2018-1694
- RESERVED
+CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle Management ...)
+ TODO: check
CVE-2018-1693
RESERVED
CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
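Review bot: CVE-2018-1694 is left at TODO: check although the description names IBM Jazz applications and the neighbouring IBM entries (CVE-2018-1695, for instance) carry NOT-FOR-US: IBM. Apply the same tag here unless there is a reason to treat Jazz differently.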
@@ -46626,8 +46743,8 @@ CVE-2018-1608
RESERVED
CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
NOT-FOR-US: IBM
-CVE-2018-1606
- RESERVED
+CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle ...)
+ TODO: check
CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
NOT-FOR-US: IBM
CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through ...)
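Review bot: CVE-2018-1606 has the same open TODO: check as CVE-2018-1694, sitting between CVE-2018-1607 and CVE-2018-1605, which are both NOT-FOR-US: IBM. Resolve it in the same pass.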
@@ -102217,7 +102334,7 @@ CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper
NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...)
- {DLA-767-1}
+ {DLA-1568-1 DLA-767-1}
- curl 7.52.1-1 (bug #848958)
NOTE: https://curl.haxx.se/docs/adv_20161221A.html
NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
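Review bot: CVE-2016-9586 now lists DLA-1568-1 in front of DLA-767-1, and nothing in the entry says why a second LTS advisory covers a CVE that already had one. If DLA-1568-1 is a fix for a different suite or a follow-up to an incomplete fix, add a NOTE saying so; otherwise check the CVE list attached to DLA-1568-1. The same question applies to the CVE-2016-7167 and CVE-2016-7141 hunks that follow.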
@@ -110065,7 +110182,7 @@ CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_uplo
NOTE: Fixed in 4.6.1 release upstream
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
- {DLA-625-1}
+ {DLA-1568-1 DLA-625-1}
- curl 7.51.0-1 (bug #837945)
NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
@@ -110201,7 +110318,7 @@ CVE-2016-7136 (z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 al
CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and ...)
NOT-FOR-US: Plone
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
- {DLA-616-1}
+ {DLA-1568-1 DLA-616-1}
- curl 7.51.0-1 (bug #836918)
NOTE: Only affects libcurl3-nss
NOTE: http://seclists.org/oss-sec/2016/q3/419
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09c158966827c99c0f7dafc000f84ceb0657f49d