[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Nov 19 20:10:32 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92cdaf58 by security tracker role at 2018-11-19T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2018-19365
+	RESERVED
+CVE-2018-19364
+	RESERVED
+CVE-2018-19363
+	RESERVED
+CVE-2018-19362
+	RESERVED
+CVE-2018-19361
+	RESERVED
+CVE-2018-19360
+	RESERVED
 CVE-2018-19359
 	RESERVED
 CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login ...)
@@ -2284,8 +2296,8 @@ CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf
 	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
 	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
-CVE-2018-18519
-	RESERVED
+CVE-2018-18519 (BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain ...)
+	TODO: check
 CVE-2018-18518
 	RESERVED
 CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before ...)
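Review bot: CVE-2018-18519 leaves the RESERVED state with only a `TODO: check` placeholder, so the entry is still untriaged. The description names BestXsoftware Best Free Keylogger 5.2.9; once someone confirms that no Debian source package ships it, replace the placeholder with a `NOT-FOR-US:` line in the form the other entries in this file use.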
@@ -3433,6 +3445,7 @@ CVE-2018-18090
 CVE-2018-18089
 	RESERVED
 CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the ...)
+	{DLA-1579-1}
 	- openjpeg2 <unfixed> (low; bug #910763)
 	[stretch] - openjpeg2 <ignored> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1152
@@ -5581,8 +5594,7 @@ CVE-2018-17192
 	RESERVED
 CVE-2018-17191
 	RESERVED
-CVE-2018-17190
-	RESERVED
+CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager ...)
 	NOT-FOR-US: Apache Spark
 CVE-2018-17189
 	RESERVED
@@ -9210,12 +9222,12 @@ CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains an
 	NOT-FOR-US: Pivotal Container Service
 CVE-2018-15762 (Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions ...)
 	NOT-FOR-US: Pivotal
-CVE-2018-15761
-	RESERVED
+CVE-2018-15761 (Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions ...)
+	TODO: check
 CVE-2018-15760
 	RESERVED
-CVE-2018-15759
-	RESERVED
+CVE-2018-15759 (Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 ...)
+	TODO: check
 CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to ...)
 	NOT-FOR-US: Spring Security OAuth
 CVE-2018-15757
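Review bot: the two new `TODO: check` lines under CVE-2018-15761 and CVE-2018-15759 sit between entries already resolved as `NOT-FOR-US: Pivotal Container Service`, `NOT-FOR-US: Pivotal` and `NOT-FOR-US: Spring Security OAuth`. Triage both in the same pass and choose the product label deliberately, since the context lines already use two different labels for Pivotal products.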
@@ -26292,12 +26304,12 @@ CVE-2018-9211
 	RESERVED
 CVE-2018-9210
 	RESERVED
-CVE-2018-9209
-	RESERVED
+CVE-2018-9209 (Unauthenticated arbitrary file upload vulnerability in FineUploader ...)
+	TODO: check
 CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery Picture ...)
 	NOT-FOR-US: jQuery Picture
-CVE-2018-9207
-	RESERVED
+CVE-2018-9207 (Arbitrary file upload in jQuery Upload File <= 4.0.2 ...)
+	TODO: check
 CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp ...)
 	- libjs-jquery-file-upload 9.25.0-1
 	NOTE: https://github.com/blueimp/jQuery-File-Upload/pull/3514
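Review bot: CVE-2018-9209 and CVE-2018-9207 should not be closed as NOT-FOR-US by analogy with CVE-2018-9208 without a check for bundled copies. The sibling CVE-2018-9206 in the same context maps to a Debian package (`libjs-jquery-file-upload 9.25.0-1`), so search the archive for packaged or embedded FineUploader and jQuery Upload File code before resolving the two `TODO: check` lines.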
@@ -47425,8 +47437,8 @@ CVE-2018-1843
 	RESERVED
 CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain ...)
 	NOT-FOR-US: IBM
-CVE-2018-1841
-	RESERVED
+CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the CA ...)
+	TODO: check
 CVE-2018-1840
 	RESERVED
 CVE-2018-1839
@@ -49042,6 +49054,7 @@ CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and
 CVE-2017-17481
 	RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
+	{DLA-1579-1}
 	- openjpeg2 <unfixed> (bug #884738)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
 	NOTE: https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92cdaf58f7424a50078942ddc9e6b98ea1e902dd
