[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Nov 21 08:10:28 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9e160e3 by security tracker role at 2018-11-21T08:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2018-19408
+	RESERVED
+CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel ...)
+	TODO: check
+CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through ...)
+	TODO: check
+CVE-2018-19405
+	RESERVED
+CVE-2018-19404 (In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php ...)
+	TODO: check
+CVE-2018-19403
+	RESERVED
+CVE-2018-19402
+	RESERVED
+CVE-2018-19401
+	RESERVED
+CVE-2018-19400
+	RESERVED
+CVE-2018-19399
+	RESERVED
+CVE-2018-19398
+	RESERVED
+CVE-2018-19397
+	RESERVED
+CVE-2018-19396 (ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows ...)
+	TODO: check
+CVE-2018-19395 (ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows ...)
+	TODO: check
+CVE-2018-19394
+	RESERVED
+CVE-2018-19393
+	RESERVED
+CVE-2018-19392
+	RESERVED
+CVE-2018-19391
+	RESERVED
+CVE-2018-19390 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
+	TODO: check
+CVE-2018-19389 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
+	TODO: check
+CVE-2018-19388 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
+	TODO: check
+CVE-2018-19387 (format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow ...)
+	TODO: check
+CVE-2018-19386
+	RESERVED
 CVE-2018-19385
 	RESERVED
 CVE-2018-19384
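
Review bot: The nine entries added with "TODO: check" in this hunk (CVE-2018-19407, -19406, -19404, -19396, -19395, -19390, -19389, -19388 and -19387) have no package line and no NOT-FOR-US line, so none of them is triaged at this commit. The descriptions that name the Linux kernel KVM code, PHP and tmux are the ones to take first, since they would normally end in a "- package version" line. The YXcms and Foxit Reader entries would be closed in the "NOT-FOR-US: <product>" form this file uses elsewhere if those products turn out not to be packaged.
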
@@ -16,8 +62,8 @@ CVE-2018-19378
 	RESERVED
 CVE-2018-19377
 	RESERVED
-CVE-2018-19376
-	RESERVED
+CVE-2018-19376 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF ...)
+	TODO: check
 CVE-2018-19375
 	RESERVED
 CVE-2018-19374
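
Review bot: CVE-2018-19376 goes from "RESERVED" to a published description but lands on "TODO: check", so the entry is now public and still untriaged. If GreenCMS is not packaged, resolve it in the "NOT-FOR-US: <product>" form instead of leaving the TODO in place.
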
@@ -2308,7 +2354,7 @@ CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because
 	NOT-FOR-US: ThinkPHP
 CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...)
 	NOT-FOR-US: Fiyo CMS
-CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c in ...)
+CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c ...)
 	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
 	- graphicsmagick 1.3.31-1 (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1360
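
Review bot: The CVE-2018-18544 line differs only in where the description is cut ("coders/msl.c in ..." becomes "coders/msl.c ..."), which is noise for anyone reading this diff for status changes. The imagemagick and graphicsmagick lines below it are unchanged, so no triage decision moved here. It is worth checking that the description truncation is stable so that lines like this do not churn on later automatic updates.
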
@@ -41265,6 +41311,7 @@ CVE-2018-4015
 CVE-2018-4014
 	RESERVED
 CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP ...)
+	{DLA-1582-1}
 	- liblivemedia 2018.10.17-1
 	NOTE: http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
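
Review bot: The "{DLA-1582-1}" tag on CVE-2018-4013 points at an advisory record that is not part of this commit, since data/CVE/list is the only changed file. Confirm that the DLA's own entry lists CVE-2018-4013 and the fixed liblivemedia version, because the only version visible here is the unstable one, "- liblivemedia 2018.10.17-1".
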
@@ -62607,6 +62654,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag
 CVE-2017-14133
 	RESERVED
 CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...)
+	{DLA-1583-1}
 	- jasper <removed> (low)
 	[wheezy] - jasper <ignored> (Minor issue)
 	NOTE: https://github.com/mdadams/jasper/issues/147
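
Review bot: For CVE-2017-14132, the "{DLA-1583-1}" tag is added above "- jasper <removed> (low)" and "[wheezy] - jasper <ignored> (Minor issue)", so this entry alone does not say which release or jasper version the DLA fixes. That has to be read from the DLA record, which this commit does not touch. The same applies to the other jasper entries tagged with DLA-1583-1 in the hunks that follow.
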
@@ -63639,6 +63687,7 @@ CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_next
 	- jasper <removed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285
 CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the ...)
+	{DLA-1583-1}
 	- jasper <removed> (low)
 	[wheezy] - jasper <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
@@ -106728,6 +106777,7 @@ CVE-2016-8691 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in Ja
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...)
+	{DLA-1583-1}
 	- jasper <removed> (low; bug #841112)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
@@ -144739,6 +144789,7 @@ CVE-2015-5223 (OpenStack Object Storage (Swift) before 2.4.0 allows attackers to
 CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
 	NOT-FOR-US: OpenShift
 CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in ...)
+	{DLA-1583-1}
 	- jasper <removed> (bug #796253)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
@@ -144803,6 +144854,7 @@ CVE-2015-5205
 CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
 	NOT-FOR-US: Apache Cordova Android File Transfer Plugin
 CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function in ...)
+	{DLA-1583-1}
 	- jasper <removed> (bug #796107)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9e160e344a0ca94bdbf166990b5b4b64bb0a27a
