[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Nov 12 20:10:29 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f28585 by security tracker role at 2018-11-12T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,50 @@
-CVE-2018-19207
+CVE-2018-19219 (In LibSaas 3.5-stable, there is an illegal address access at ...)
+	TODO: check
+CVE-2018-19218 (In LibSaas 3.5-stable, there is an illegal address access at ...)
+	TODO: check
+CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the function ...)
+	TODO: check
+CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...)
+	TODO: check
+CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
+	TODO: check
+CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may ...)
+	TODO: check
+CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
+	TODO: check
+CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...)
+	TODO: check
+CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the ...)
+	TODO: check
+CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the ...)
+	TODO: check
+CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function ...)
+	TODO: check
+CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...)
+	TODO: check
+CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...)
+	TODO: check
+CVE-2018-19202
+	RESERVED
+CVE-2018-19201
+	RESERVED
+CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows ...)
+	TODO: check
+CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...)
+	TODO: check
+CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an ...)
+	TODO: check
+CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before ...)
 	NOT-FOR-US: WordPress plugin wp-gdpr-compliance
-CVE-2018-19206 [XSS via crafted use of <svg><style>]
+CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...)
 	- roundcube 1.3.8+dfsg.1-1
 	NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released
 	NOTE: https://github.com/roundcube/roundcubemail/issues/6410
 	NOTE: https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master)
-CVE-2018-19205 [mishandles GnuPG MDC integrity-protection warnings]
+CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection ...)
 	- roundcube 1.3.8+dfsg.1-1
 	NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released
 	NOTE: https://github.com/roundcube/roundcubemail/issues/6289
@@ -5732,6 +5770,7 @@ CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer o
 CVE-2018-16838
 	RESERVED
 CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
+	{DLA-1576-1}
 	- ansible 2.7.1+dfsg-1 (bug #912297)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642
 	NOTE: https://github.com/ansible/ansible/pull/47436
@@ -9602,7 +9641,7 @@ CVE-2018-XXXX [libykneomgr memory corruption]
 	[jessie] - libykneomgr <no-dsa> (Minor issue)
 	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
 CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxenstored ...)
-	{DSA-4274-1}
+	{DSA-4274-1 DLA-1577-1}
 	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant)
 	NOTE: https://xenbits.xen.org/xsa/advisory-272.html
 CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in ...)
@@ -9617,7 +9656,7 @@ CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR
 	[jessie] - xen <not-affected> (Only affects 4.6 and later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-269.html
 CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never properly ...)
-	{DSA-4274-1}
+	{DSA-4274-1 DLA-1577-1}
 	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
 	NOTE: https://xenbits.xen.org/xsa/advisory-268.html
 CVE-2018-15309
@@ -15514,7 +15553,7 @@ CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary
 CVE-2018-12894
 	RESERVED
 CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in ...)
-	{DSA-4236-1}
+	{DSA-4236-1 DLA-1577-1}
 	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 	NOTE: https://xenbits.xen.org/xsa/advisory-265.html
 CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...)
@@ -15523,7 +15562,7 @@ CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails t
 	[jessie] - xen <not-affected> (Issue introduced in 4.7)
 	NOTE: https://xenbits.xen.org/xsa/advisory-266.html
 CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU ...)
-	{DSA-4236-1}
+	{DSA-4236-1 DLA-1577-1}
 	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
 	NOTE: https://xenbits.xen.org/xsa/advisory-264.html
 CVE-2018-12890
@@ -17028,7 +17067,7 @@ CVE-2018-12394
 	RESERVED
 CVE-2018-12393
 	RESERVED
-	{DSA-4337-1 DSA-4324-1 DLA-1571-1}
+	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
 	- firefox-esr 60.3.0esr-1
 	- firefox 63.0-1
 	- thunderbird 1:60.3.0-1
@@ -17037,7 +17076,7 @@ CVE-2018-12393
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
 CVE-2018-12392
 	RESERVED
-	{DSA-4337-1 DSA-4324-1 DLA-1571-1}
+	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
 	- firefox-esr 60.3.0esr-1
 	- firefox 63.0-1
 	- thunderbird 1:60.3.0-1
@@ -17054,7 +17093,7 @@ CVE-2018-12391
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
 CVE-2018-12390
 	RESERVED
-	{DSA-4337-1 DSA-4324-1 DLA-1571-1}
+	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
 	- firefox-esr 60.3.0esr-1
 	- firefox 63.0-1
 	- thunderbird 1:60.3.0-1
@@ -17063,7 +17102,7 @@ CVE-2018-12390
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
 CVE-2018-12389
 	RESERVED
-	{DSA-4337-1 DSA-4324-1 DLA-1571-1}
+	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
 	- firefox-esr 60.3.0esr-1
 	- thunderbird 1:60.3.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
@@ -17083,7 +17122,7 @@ CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to
 	- firefox-esr 60.2.2esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
 CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...)
-	{DSA-4327-1 DSA-4304-1}
+	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
 	- firefox 62.0.2-1
 	- firefox-esr 60.2.1esr-1
 	- thunderbird 1:60.2.1-1
@@ -17100,7 +17139,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
 CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a ...)
-	{DSA-4327-1 DSA-4304-1}
+	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.1esr-1
 	- thunderbird 1:60.2.1-1
@@ -17118,7 +17157,7 @@ CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the
 CVE-2018-12380
 	RESERVED
 CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
-	{DSA-4327-1}
+	{DSA-4327-1 DLA-1575-1}
 	- firefox 62.0-1 (unimportant)
 	- firefox-esr 60.2.0esr-1 (unimportant)
 	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
@@ -17127,7 +17166,7 @@ CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
 CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is ...)
-	{DSA-4327-1 DSA-4287-1}
+	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	- thunderbird 1:60.2.1-1
@@ -17135,7 +17174,7 @@ CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
 CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ...)
-	{DSA-4327-1 DSA-4287-1}
+	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	- thunderbird 1:60.2.1-1
@@ -17143,7 +17182,7 @@ CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver tim
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
 CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...)
-	{DSA-4327-1 DSA-4287-1}
+	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	- thunderbird 1:60.2.1-1
@@ -17167,7 +17206,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an att
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
 CVE-2018-12371
 	RESERVED
-	{DSA-4295-1}
+	{DSA-4295-1 DLA-1575-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
@@ -17186,7 +17225,7 @@ CVE-2018-12368 (Windows 10 does not warn users before opening executable files w
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
 CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or precision ...)
-	{DSA-4295-1}
+	{DSA-4295-1 DLA-1575-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
@@ -17232,7 +17271,7 @@ CVE-2018-12362 (An integer overflow can occur during graphics operations done by
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
 CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while ...)
-	{DSA-4295-1}
+	{DSA-4295-1 DLA-1575-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
@@ -26364,7 +26403,7 @@ CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.
 CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router ...)
 	NOT-FOR-US: D-Link
 CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
-	{DSA-4201-1 DSA-4196-1 DLA-1392-1 DLA-1383-1}
+	{DSA-4201-1 DSA-4196-1 DLA-1577-1 DLA-1392-1 DLA-1383-1}
 	- linux 4.15.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
 	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
@@ -30010,11 +30049,11 @@ CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86
 	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
 	NOTE: https://xenbits.xen.org/xsa/advisory-256.html
 CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...)
-	{DSA-4131-1 DLA-1300-1}
+	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-255.html
 CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
-	{DSA-4131-1 DLA-1300-1}
+	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
 	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
 CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp ...)
@@ -37561,7 +37600,7 @@ CVE-2018-5188 (Memory safety bugs present in Firefox 60, Firefox ESR 60, and Fir
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
 CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of ...)
-	{DSA-4295-1}
+	{DSA-4295-1 DLA-1575-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
@@ -37689,7 +37728,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
 CVE-2018-5156 (A vulnerability can occur when capturing a media stream when the media ...)
-	{DSA-4295-1 DSA-4235-1 DLA-1406-1}
+	{DSA-4295-1 DSA-4235-1 DLA-1575-1 DLA-1406-1}
 	- firefox-esr 52.9.0esr-1
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
@@ -46631,8 +46670,8 @@ CVE-2018-1886
 	RESERVED
 CVE-2018-1885
 	RESERVED
-CVE-2018-1884
-	RESERVED
+CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and ...)
+	TODO: check
 CVE-2018-1883
 	RESERVED
 CVE-2018-1882
@@ -46803,8 +46842,8 @@ CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1
 	NOT-FOR-US: IBM
 CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2018-1798
-	RESERVED
+CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+	TODO: check
 CVE-2018-1797
 	RESERVED
 CVE-2018-1796
@@ -46827,8 +46866,8 @@ CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly ...
 	NOT-FOR-US: IBM
 CVE-2018-1787
 	RESERVED
-CVE-2018-1786
-	RESERVED
+CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...)
+	TODO: check
 CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses ...)
 	NOT-FOR-US: IBM
 CVE-2018-1784
@@ -54374,7 +54413,7 @@ CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 all
 CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows ...)
 	NOT-FOR-US: Zoho
 CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
-	{DSA-4327-1}
+	{DSA-4327-1 DLA-1575-1}
 	- firefox 62.0-1 (unimportant)
 	- firefox-esr 60.2.0esr-1 (unimportant)
 	[stretch] - firefox-esr 60.2.0esr-1~deb9u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2f2858584e212476d93b5ec5fa3123642328b24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2f2858584e212476d93b5ec5fa3123642328b24
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181112/6f23abc5/attachment.html>

More information about the debian-security-tracker-commits mailing list