[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 9 08:10:25 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb4b0558 by security tracker role at 2018-11-09T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,18 @@
+CVE-2018-19120
+ RESERVED
+CVE-2018-19119
+ RESERVED
+CVE-2018-19118
+ RESERVED
+CVE-2018-19117
+ RESERVED
+CVE-2018-19116
+ RESERVED
CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
- xen <unfixed>
[stretch] - xen <postponed> (Hold back until next DSA)
NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
-CVE-2018-19115 [heap-based buffer overflow when parsing HTTP status]
+CVE-2018-19115 (keepalived through 2.0.8 has a heap-based buffer overflow when parsing ...)
- keepalived <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/pull/961
@@ -164,20 +174,17 @@ CVE-2018-19048
RESERVED
CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...)
NOT-FOR-US: mPDF
-CVE-2018-19046 [unsafe handling of /tmp files]
- RESERVED
+CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing ...)
- keepalived <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/issues/1048
-CVE-2018-19045 [unsafe modes for temporary files]
- RESERVED
+CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...)
- keepalived <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
NOTE: ttps://github.com/acassen/keepalived/issues/1048
-CVE-2018-19044 [improper check for pathnames with symlinks]
- RESERVED
+CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...)
- keepalived <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
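Review bot: the last NOTE line under CVE-2018-19045 reads `NOTE: ttps://github.com/acassen/keepalived/issues/1048`, with the leading "h" of the scheme missing, so the URL is malformed. The line is unchanged context in this hunk, but the entry's header is being rewritten here anyway; correct it to `https://github.com/acassen/keepalived/issues/1048`, which is the form the same reference takes under CVE-2018-19046.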
@@ -5493,19 +5500,21 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
CVE-2018-16846
RESERVED
CVE-2018-16845 (nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ...)
- {DLA-1572-1}
+ {DSA-4335-1 DLA-1572-1}
- nginx 1.14.1-1 (bug #913090)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
NOTE: https://nginx.org/download/patch.2018.mp4.txt
NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1
NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16844 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ...)
+ {DSA-4335-1}
- nginx 1.14.1-1 (bug #913090)
[jessie] - nginx <not-affected> (HTTP 2.0 support added later)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
NOTE: http://hg.nginx.org/nginx/rev/9200b41db765
NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16843 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the ...)
+ {DSA-4335-1}
- nginx 1.14.1-1 (bug #913090)
[jessie] - nginx <not-affected> (HTTP 2.0 support added later)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
@@ -9106,10 +9115,10 @@ CVE-2018-15453
RESERVED
CVE-2018-15452
RESERVED
-CVE-2018-15451
- RESERVED
-CVE-2018-15450
- RESERVED
+CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime ...)
+ TODO: check
+CVE-2018-15450 (A vulnerability in the web-based UI of Cisco Prime Collaboration ...)
+ TODO: check
CVE-2018-15449 (A vulnerability in the web-based management interface of Cisco Video ...)
NOT-FOR-US: Cisco
CVE-2018-15448 (A vulnerability in the user management functions of Cisco Registered ...)
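Review bot: CVE-2018-15451 and CVE-2018-15450 land with `TODO: check`, so both still need manual triage. Their descriptions name Cisco Prime products and the adjacent CVE-2018-15449 is already marked `NOT-FOR-US: Cisco`; if these products are likewise not packaged in Debian, replace the two TODO lines with the same marker.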
@@ -29160,8 +29169,8 @@ CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows loca
NOTE: src:util-linux/2.28-1 takes over the umount completion from
NOTE: src:bash-completion (which in turn starting from 1:2.1-4.3
NOTE: does not provide the umount completion in the binary packaage)
-CVE-2018-7718
- RESERVED
+CVE-2018-7718 (An issue was discovered in Telexy QPath 5.4.462. A low privileged ...)
+ TODO: check
CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik ...)
NOT-FOR-US: Kubik-Rubik Simple Image Gallery Extended (SIGE) extension for Joomla!
CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation ...)
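Review bot: the context above the CVE-2018-7718 change carries a typo, "packaage", in the last NOTE line of the CVE-2018-7738 entry; correct it to "package" in a follow-up edit. The new CVE-2018-7718 entry (Telexy QPath) is added with `TODO: check` and still needs triage.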
@@ -46495,8 +46504,8 @@ CVE-2018-1859
RESERVED
CVE-2018-1858
RESERVED
-CVE-2018-1857
- RESERVED
+CVE-2018-1857 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ TODO: check
CVE-2018-1856
RESERVED
CVE-2018-1855
@@ -46525,8 +46534,8 @@ CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XM
NOT-FOR-US: IBM
CVE-2018-1843
RESERVED
-CVE-2018-1842
- RESERVED
+CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain ...)
+ TODO: check
CVE-2018-1841
RESERVED
CVE-2018-1840
@@ -46541,8 +46550,8 @@ CVE-2018-1836
RESERVED
CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2018-1834
- RESERVED
+CVE-2018-1834 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1833
RESERVED
CVE-2018-1832
@@ -46605,14 +46614,14 @@ CVE-2018-1804
RESERVED
CVE-2018-1803
RESERVED
-CVE-2018-1802
- RESERVED
+CVE-2018-1802 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1801
RESERVED
CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could ...)
NOT-FOR-US: IBM
-CVE-2018-1799
- RESERVED
+CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1798
RESERVED
CVE-2018-1797
@@ -46647,10 +46656,10 @@ CVE-2018-1783 (IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10
NOT-FOR-US: IBM
CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, ...)
NOT-FOR-US: IBM
-CVE-2018-1781
- RESERVED
-CVE-2018-1780
- RESERVED
+CVE-2018-1781 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2018-1779
RESERVED
CVE-2018-1778
@@ -46661,8 +46670,8 @@ CVE-2018-1776
RESERVED
CVE-2018-1775
RESERVED
-CVE-2018-1774
- RESERVED
+CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and2018.3.6 is vulnerable to ...)
+ TODO: check
CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an ...)
NOT-FOR-US: IBM
CVE-2018-1772
@@ -46841,8 +46850,8 @@ CVE-2018-1686 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to ..
NOT-FOR-US: IBM
CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
-CVE-2018-1684
- RESERVED
+CVE-2018-1684 (IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT ...)
+ TODO: check
CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
NOT-FOR-US: IBM
CVE-2018-1682
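Review bot: CVE-2018-1684 (IBM WebSphere MQ) is added with `TODO: check` while both neighbours in this hunk, CVE-2018-1685 and CVE-2018-1683, are marked `NOT-FOR-US: IBM`. Unless the product is packaged in Debian, resolve the TODO with the same `NOT-FOR-US: IBM` line so the entry is fully triaged.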
@@ -100210,8 +100219,8 @@ CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable
NOT-FOR-US: IBM
CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
-CVE-2017-1119
- RESERVED
+CVE-2017-1119 (IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote ...)
+ TODO: check
CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...)
NOT-FOR-US: IBM
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...)
@@ -100799,8 +100808,8 @@ CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results fr
NOTE: Request to mark the package as unsupported in #779104
CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text ...)
NOT-FOR-US: IBM
-CVE-2016-9749
- RESERVED
+CVE-2016-9749 (IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated ...)
+ TODO: check
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive ...)
NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb4b0558e7fdf8468c4ca04369b6971c0fab12d3