[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 23 20:10:32 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf6d43a3 by security tracker role at 2018-11-23T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
+	TODO: check
+CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
+	TODO: check
+CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) ...)
+	TODO: check
+CVE-2018-19501
+	RESERVED
+CVE-2018-19500
+	RESERVED
+CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code ...)
+	TODO: check
+CVE-2018-19498
+	RESERVED
+CVE-2018-19497
+	RESERVED
+CVE-2018-19496
+	RESERVED
+CVE-2018-19495
+	RESERVED
+CVE-2018-19494
+	RESERVED
+CVE-2018-19493
+	RESERVED
+CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue ...)
+	TODO: check
+CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows ...)
+	TODO: check
+CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue ...)
+	TODO: check
+CVE-2018-19489
+	RESERVED
+CVE-2018-19488
+	RESERVED
+CVE-2018-19487
+	RESERVED
+CVE-2018-19485
+	RESERVED
+CVE-2018-19484
+	RESERVED
+CVE-2018-19483
+	RESERVED
+CVE-2018-19482
+	RESERVED
+CVE-2018-19481
+	RESERVED
+CVE-2018-19480
+	RESERVED
+CVE-2018-19479
+	RESERVED
 CVE-2018-19478
 	RESERVED
 CVE-2018-19474
@@ -40,7 +90,7 @@ CVE-2018-19456
 	RESERVED
 CVE-2018-19455
 	RESERVED
-CVE-2018-19486 [run-command: do not fall back to cwd when command is not in $PATH]
+CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the current ...)
 	- git 1:2.19.2-1
 	[stretch] - git <not-affected> (Vulnerable code introduced later)
 	[jessie] - git <not-affected> (Vulnerable code introduced later)
@@ -449,6 +499,7 @@ CVE-2018-19298
 CVE-2018-19297
 	RESERVED
 CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object ...)
+	{DLA-1591-1}
 	- libphp-phpmailer <unfixed> (bug #913912)
 	NOTE: https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
 CVE-2018-19295
@@ -1148,6 +1199,7 @@ CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointe
 CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in ...)
 	NOT-FOR-US: libIEC61850
 CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
+	{DLA-1592-1}
 	- otrs2 6.0.1-1
 	NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
 	NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
@@ -1158,6 +1210,7 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an
 	[jessie] - otrs2 <not-affected> (Only affects 6.x)
 	NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/
 CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before ...)
+	{DLA-1592-1}
 	- otrs2 6.0.13-1
 	NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
 CVE-2018-19120 [HTML Thumbnailer automatic remote file access]
@@ -41546,7 +41599,7 @@ CVE-2018-4015
 CVE-2018-4014
 	RESERVED
 CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP ...)
-	{DLA-1582-1}
+	{DSA-4343-1 DLA-1582-1}
 	- liblivemedia 2018.10.17-1
 	NOTE: http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
@@ -90757,7 +90810,7 @@ CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in
 CVE-2017-5224
 	RESERVED
 CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML ...)
-	{DLA-817-1}
+	{DLA-1591-1 DLA-817-1}
 	- libphp-phpmailer 5.2.14+dfsg-2.3 (bug #853232)
 	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 (v5.2.22)
 	NOTE: http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf6d43a3556dd45fca97dd004e20e82ac475166e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bf6d43a3556dd45fca97dd004e20e82ac475166e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181123/33b4cbee/attachment.html>

More information about the debian-security-tracker-commits mailing list