[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 23 08:10:30 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60eca076 by security tracker role at 2018-11-23T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,20 +1,62 @@
+CVE-2018-19478
+ RESERVED
+CVE-2018-19474
+ RESERVED
+CVE-2018-19473
+ RESERVED
+CVE-2018-19472
+ RESERVED
+CVE-2018-19471
+ RESERVED
+CVE-2018-19470
+ RESERVED
+CVE-2018-19469 (ArticleCMS through 2017-02-19 has XSS via the ...)
+ TODO: check
+CVE-2018-19468 (HuCart 5.7.4 has SQL injection in get_ip() in ...)
+ TODO: check
+CVE-2018-19467
+ RESERVED
+CVE-2018-19466
+ RESERVED
+CVE-2018-19465
+ RESERVED
+CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because ...)
+ TODO: check
+CVE-2018-19463 (zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows ...)
+ TODO: check
+CVE-2018-19462
+ RESERVED
+CVE-2018-19461
+ RESERVED
+CVE-2018-19460
+ RESERVED
+CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
+ TODO: check
+CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server without ...)
+ TODO: check
+CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which ...)
+ TODO: check
+CVE-2018-19456
+ RESERVED
+CVE-2018-19455
+ RESERVED
CVE-2018-19486 [run-command: do not fall back to cwd when command is not in $PATH]
- git 1:2.19.2-1
[stretch] - git <not-affected> (Vulnerable code introduced later)
[jessie] - git <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
NOTE: Introduced by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
-CVE-2018-19477
+CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote ...)
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=606a22e77e7f081781e99e44644cd0119f559e03
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
-CVE-2018-19476
+CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...)
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
-CVE-2018-19475
+CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote ...)
- ghostscript 9.26~dfsg-1
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
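Review bot: The new entries at the top of this hunk break the descending CVE order that the surrounding entries follow. CVE-2018-19478 and CVE-2018-19474 down to CVE-2018-19455 are inserted above the existing CVE-2018-19486 entry, while CVE-2018-19477, CVE-2018-19476 and CVE-2018-19475 remain below it. Placing CVE-2018-19478 directly above CVE-2018-19477 and the 19474 to 19455 block after CVE-2018-19475 would keep the list sorted. Separately, seven of the added entries (19469, 19468, 19464, 19463, 19459, 19458, 19457) carry only `TODO: check`; each still needs a triage result, either a package line or a `NOT-FOR-US:` marker, before the entry says anything about Debian exposure.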
@@ -1144,6 +1186,7 @@ CVE-2018-XXXX [XSA-282: guest use of HLE constructs may lock up host]
[jessie] - xen 4.4.4lts4-0+deb8u1
NOTE: https://xenbits.xen.org/xsa/advisory-282.txt
CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...)
+ {DLA-1589-1}
- keepalived <unfixed> (bug #914393)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141
NOTE: https://github.com/acassen/keepalived/pull/961
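Review bot: The `{DLA-1589-1}` reference added to CVE-2018-19115 sits above a package line that still reads `- keepalived <unfixed> (bug #914393)`, and the entry has no release-specific line such as the `[jessie] - xen ...` line visible just above it. If the fixed version for the LTS release is recorded with the DLA itself, nothing more is needed here; otherwise a `[jessie] - keepalived <version>` line should accompany the reference so the entry does not read as unfixed in every release.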
@@ -1822,7 +1865,7 @@ CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx
CVE-2018-18821
RESERVED
CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backend of ...)
- {DSA-4333-1}
+ {DSA-4333-1 DLA-1588-1}
- icecast2 2.4.4-1 (bug #912611)
NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
@@ -44450,7 +44493,7 @@ CVE-2018-3216
CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator ...)
NOT-FOR-US: Oracle
CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
@@ -44539,7 +44582,7 @@ CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
NOT-FOR-US: Oracle
CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -44577,7 +44620,7 @@ CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -44634,7 +44677,7 @@ CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE ...)
- openjdk-10 10.0.2+13-2
- openjdk-11 11.0.1+13-1
CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -44668,7 +44711,7 @@ CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services ...
CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services ...)
NOT-FOR-US: Oracle
CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -44680,7 +44723,7 @@ CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.5 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
- {DSA-4326-1}
+ {DSA-4326-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-2
- openjdk-10 10.0.2+13-2
@@ -45092,7 +45135,7 @@ CVE-2018-2954 (Vulnerability in the Oracle Order Management component of Oracle
CVE-2018-2953 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2018-2952 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
- {DSA-4268-1}
+ {DSA-4268-1 DLA-1590-1}
- openjdk-7 <removed>
- openjdk-8 8u181-b13-1
- openjdk-10 10.0.2+13-1
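Review bot: In this hunk `DLA-1590-1` is paired with `DSA-4268-1`, whereas every other hunk that gains `DLA-1590-1` pairs it with `DSA-4326-1`, and the fixed versions here (`8u181-b13-1`, `10.0.2+13-1`) are older than the `-2` revisions in those entries. It is worth confirming that DLA-1590-1 really lists CVE-2018-2952, which belongs to an earlier fix round, and that this cross-reference was not carried over from the neighbouring openjdk entries.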
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/60eca076ca8d0e48ffe46a767930e3228cf26f34