[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Oct 13 09:11:42 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e9f5645 by security tracker role at 2018-10-13T08:11:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2018-18286
+	RESERVED
+CVE-2018-18285
+	RESERVED
+CVE-2018-18284
+	RESERVED
+CVE-2018-18283
+	RESERVED
+CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
+	TODO: check
+CVE-2018-18281
+	RESERVED
+CVE-2018-18280
+	RESERVED
+CVE-2018-18279
+	RESERVED
+CVE-2018-18278
+	RESERVED
+CVE-2018-18277
+	RESERVED
+CVE-2018-18276
+	RESERVED
+CVE-2018-18275
+	RESERVED
+CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflow ...)
+	TODO: check
+CVE-2018-18273
+	RESERVED
 CVE-2018-18272
 	RESERVED
 CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter ...)
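Review bot: The two new entries that carry descriptions, CVE-2018-18282 (Next.js XSS via the 404 or 500 /_error page) and CVE-2018-18274 (pdfalto heap-based buffer overflow), are left at "TODO: check". Each needs either a package line with a status or a NOT-FOR-US marker; for pdfalto, check whether the affected code is embedded in a packaged source before marking it NOT-FOR-US.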
@@ -3882,12 +3910,12 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc ma
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
 	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67
 CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...)
-	{DLA-1530-1}
+	{DSA-4316-1 DLA-1530-1}
 	- imagemagick <unfixed> (bug #910889)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268
 CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of ...)
-	{DLA-1530-1}
+	{DSA-4316-1 DLA-1530-1}
 	- imagemagick <unfixed> (bug #910888)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
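Review bot: CVE-2018-16645 and CVE-2018-16644 now reference DSA-4316-1, yet both package lines still read "- imagemagick <unfixed>" (bugs #910889 and #910888). If those bugs are still open the entries are consistent; otherwise record the fixed version so the entries do not stay open after the advisory.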
@@ -3902,7 +3930,7 @@ CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in ...)
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
 CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows ...)
-	{DLA-1530-1}
+	{DSA-4316-1 DLA-1530-1}
 	- imagemagick 8:6.9.10.2+dfsg-2
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13
@@ -4496,14 +4524,14 @@ CVE-2018-16415
 CVE-2018-16414
 	RESERVED
 CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...)
-	{DLA-1530-1}
+	{DSA-4316-1 DLA-1530-1}
 	- imagemagick <unfixed> (bug #910887)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
 CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...)
-	{DLA-1530-1}
+	{DSA-4316-1 DLA-1530-1}
 	- imagemagick <unfixed> (bug #910887)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
 	NOTE: Fixed with same patch as for issue #1249, as per upstream discussion at
@@ -4967,8 +4995,8 @@ CVE-2018-16212
 	RESERVED
 CVE-2018-16211
 	RESERVED
-CVE-2018-16210
-	RESERVED
+CVE-2018-16210 (WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and ...)
+	TODO: check
 CVE-2018-16209
 	RESERVED
 CVE-2018-16208
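Review bot: CVE-2018-16210 is left at "TODO: check" although its description names WAGO 750-881 Ethernet Controller devices, which points at vendor device firmware. Unless a Debian package ships this code, suggest "NOT-FOR-US: WAGO 750-881 Ethernet Controller devices", in the same form this file already uses for device entries such as CVE-2018-16059.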
@@ -5384,18 +5412,21 @@ CVE-2018-16060
 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow ...)
 	NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
+	{DSA-4315-1}
 	- wireshark 2.6.3-1 (low)
 	[jessie] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
 CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
+	{DSA-4315-1}
 	- wireshark 2.6.3-1 (low)
 	[jessie] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
 CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
+	{DSA-4315-1}
 	- wireshark 2.6.3-1 (low)
 	[jessie] - wireshark <not-affected> (vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
@@ -6150,8 +6181,8 @@ CVE-2018-15757
 	RESERVED
 CVE-2018-15756
 	RESERVED
-CVE-2018-15755
-	RESERVED
+CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
+	TODO: check
 CVE-2018-15754
 	RESERVED
 CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...)
@@ -8688,8 +8719,7 @@ CVE-2018-14666
 	RESERVED
 CVE-2018-14665
 	RESERVED
-CVE-2018-14664
-	RESERVED
+CVE-2018-14664 (A flaw was found in foreman from versions 1.18. A stored cross-site ...)
 	- foreman <itp> (bug #663101)
 CVE-2018-14663
 	RESERVED
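Review bot: The existing "- foreman <itp> (bug #663101)" line on CVE-2018-14664 predates the description added here, and no "TODO: check" is added to prompt a re-read. Suggest confirming that <itp> is still the right status now that the text (stored cross-site issue in foreman from versions 1.18) is published.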
@@ -20691,8 +20721,8 @@ CVE-2018-10143
 	RESERVED
 CVE-2018-10142
 	RESERVED
-CVE-2018-10141
-	RESERVED
+CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before ...)
+	TODO: check
 CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks ...)
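Review bot: "TODO: check" on CVE-2018-10141 can likely be resolved right away: the description names Palo Alto Networks PAN-OS, and the adjacent CVE-2018-10140 is already marked "NOT-FOR-US: Palo Alto Networks PAN-OS". Suggest the same annotation here.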



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e9f5645873bc3205c9ed2fd15c692592494673e
