[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 18 21:12:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d3b0fdc by security tracker role at 2018-10-18T20:10:49Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a memory leak ...)
+ TODO: check
+CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ...)
+ TODO: check
+CVE-2018-18480 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ...)
+ TODO: check
+CVE-2018-18479
+ RESERVED
+CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 ...)
+ TODO: check
+CVE-2018-18477
+ RESERVED
+CVE-2018-18476
+ RESERVED
+CVE-2018-18475
+ RESERVED
+CVE-2018-18474
+ RESERVED
+CVE-2018-18473
+ RESERVED
+CVE-2018-18472
+ RESERVED
+CVE-2018-18471
+ RESERVED
+CVE-2018-18470
+ RESERVED
+CVE-2018-18469
+ RESERVED
+CVE-2018-18468
+ RESERVED
+CVE-2018-18467
+ RESERVED
+CVE-2018-18466
+ RESERVED
+CVE-2018-18465
+ RESERVED
+CVE-2018-18464
+ RESERVED
+CVE-2018-18463
+ RESERVED
+CVE-2018-18462
+ RESERVED
CVE-2018-XXXX [Injection in DefaultMailSystem::mail()]
- drupal7 <removed> (bug #911337)
NOTE: https://www.drupal.org/sa-core-2018-006
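Review bot: the four new entries with descriptions at the top of this hunk (CVE-2018-18482, CVE-2018-18481, CVE-2018-18480, CVE-2018-18478) carry only "TODO: check", so none of them has a package line or a NOT-FOR-US tag yet. Each needs triage in a follow-up: decide for libpg_query, libopencad and LibreNMS whether a source package is affected, then replace the TODO with the "- package version" or "NOT-FOR-US:" form used elsewhere in this file.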
@@ -15043,20 +15085,17 @@ CVE-2018-12389
RESERVED
CVE-2018-12388
RESERVED
-CVE-2018-12387
- RESERVED
+CVE-2018-12387 (A vulnerability where the JavaScript JIT compiler inlines ...)
{DSA-4310-1}
- firefox 62.0.3-1
- firefox-esr 60.2.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
-CVE-2018-12386
- RESERVED
+CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to type ...)
{DSA-4310-1}
- firefox 62.0.3-1
- firefox-esr 60.2.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
-CVE-2018-12385
- RESERVED
+CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...)
{DSA-4304-1}
- firefox 62.0.2-1
- firefox-esr 60.2.1esr-1
@@ -15073,8 +15112,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli
NOTE: https://hg.mozilla.org/projects/nss/rev/46f9a1f40c3d (NSS_3_36_BRANCH)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
-CVE-2018-12383
- RESERVED
+CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a ...)
{DSA-4304-1}
- firefox 62.0-1
- firefox-esr 60.2.1esr-1
@@ -15082,20 +15120,17 @@ CVE-2018-12383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12383
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
-CVE-2018-12382
- RESERVED
+CVE-2018-12382 (The displayed addressbar URL can be spoofed on Firefox for Android ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12382
-CVE-2018-12381
- RESERVED
+CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12381
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12381
CVE-2018-12380
RESERVED
-CVE-2018-12379
- RESERVED
+CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
- firefox 62.0-1 (unimportant)
- firefox-esr 60.2.0esr-1 (unimportant)
[stretch] - firefox-esr 60.2.0esr-1~deb9u2
@@ -15103,8 +15138,7 @@ CVE-2018-12379
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12379
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
-CVE-2018-12378
- RESERVED
+CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is ...)
{DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
@@ -15112,8 +15146,7 @@ CVE-2018-12378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
-CVE-2018-12377
- RESERVED
+CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ...)
{DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
@@ -15121,8 +15154,7 @@ CVE-2018-12377
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12377
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
-CVE-2018-12376
- RESERVED
+CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...)
{DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
@@ -15130,22 +15162,18 @@ CVE-2018-12376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376
-CVE-2018-12375
- RESERVED
+CVE-2018-12375 (Memory safety bugs present in Firefox 61. Some of these bugs showed ...)
- firefox 62.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12375
-CVE-2018-12374
- RESERVED
+CVE-2018-12374 (Plaintext of decrypted emails can leak through by user submitting an ...)
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12374
-CVE-2018-12373
- RESERVED
+CVE-2018-12373 (dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ...)
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373
-CVE-2018-12372
- RESERVED
+CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an attack, ...)
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
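Review bot: the new description for CVE-2018-12373 begins "dDecrypted S/MIME parts", which looks like a stray leading "d"; the sibling entry CVE-2018-12372 in the same hunk has "Decrypted". As this is an automatic update, the text presumably comes from the imported CVE description, so a local edit would likely be overwritten by the next run and the correction is better reported to the source of the description.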
@@ -15156,31 +15184,26 @@ CVE-2018-12371
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12371
-CVE-2018-12370
- RESERVED
+CVE-2018-12370 (In Reader View SameSite cookie protections are not checked on exiting. ...)
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12370
-CVE-2018-12369
- RESERVED
+CVE-2018-12369 (WebExtensions bundled with embedded experiments were not correctly ...)
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12369
-CVE-2018-12368
- RESERVED
+CVE-2018-12368 (Windows 10 does not warn users before opening executable files with ...)
- firefox-esr <not-affected> (Windows-specific)
- firefox <not-affected> (Windows-specific)
- thunderbird <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12368
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
-CVE-2018-12367
- RESERVED
+CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or precision ...)
{DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12367
-CVE-2018-12366
- RESERVED
+CVE-2018-12366 (An invalid grid size during QCMS (color profile) transformations can ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15188,8 +15211,7 @@ CVE-2018-12366
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12366
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12366
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12366
-CVE-2018-12365
- RESERVED
+CVE-2018-12365 (A compromised IPC child process can escape the content sandbox and ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15197,8 +15219,7 @@ CVE-2018-12365
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12365
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12365
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12365
-CVE-2018-12364
- RESERVED
+CVE-2018-12364 (NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15206,8 +15227,7 @@ CVE-2018-12364
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12364
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12364
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12364
-CVE-2018-12363
- RESERVED
+CVE-2018-12363 (A use-after-free vulnerability can occur when script uses mutation ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15215,8 +15235,7 @@ CVE-2018-12363
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12363
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12363
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12363
-CVE-2018-12362
- RESERVED
+CVE-2018-12362 (An integer overflow can occur during graphics operations done by the ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15224,15 +15243,13 @@ CVE-2018-12362
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12362
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
-CVE-2018-12361
- RESERVED
+CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while ...)
{DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12361
-CVE-2018-12360
- RESERVED
+CVE-2018-12360 (A use-after-free vulnerability can occur when deleting an input ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15240,8 +15257,7 @@ CVE-2018-12360
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12360
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12360
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12360
-CVE-2018-12359
- RESERVED
+CVE-2018-12359 (A buffer overflow can occur when rendering canvas content while ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -15249,8 +15265,7 @@ CVE-2018-12359
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12359
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12359
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12359
-CVE-2018-12358
- RESERVED
+CVE-2018-12358 (Service workers can use redirection to avoid the tainting of ...)
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12358
CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms when ...)
@@ -35538,8 +35553,7 @@ CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allow
NOT-FOR-US: PicturesPro Photo Cart
CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...)
NOT-FOR-US: Jungo Windriver
-CVE-2018-5188
- RESERVED
+CVE-2018-5188 (Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ...)
{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -35547,15 +35561,13 @@ CVE-2018-5188
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5188
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
-CVE-2018-5187
- RESERVED
+CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of ...)
{DSA-4295-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5187
-CVE-2018-5186
- RESERVED
+CVE-2018-5186 (Memory safety bugs present in Firefox 60. Some of these bugs showed ...)
- firefox 61.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5186
CVE-2018-5185 (Plaintext of decrypted emails can leak through by user submitting an ...)
@@ -35676,8 +35688,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow
- firefox-esr 52.8.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
-CVE-2018-5156
- RESERVED
+CVE-2018-5156 (A vulnerability can occur when capturing a media stream when the media ...)
{DSA-4295-1 DSA-4235-1 DLA-1406-1}
- firefox-esr 52.9.0esr-1
- firefox 61.0-1
@@ -44697,8 +44708,8 @@ CVE-2018-1824
RESERVED
CVE-2018-1823
RESERVED
-CVE-2018-1822
- RESERVED
+CVE-2018-1822 (IBM FlashSystem 900 product GUI allows a specially crafted attack to ...)
+ TODO: check
CVE-2018-1821
RESERVED
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
@@ -45305,8 +45316,8 @@ CVE-2018-1520
RESERVED
CVE-2018-1519
RESERVED
-CVE-2018-1518
- RESERVED
+CVE-2018-1518 (IBM InfoSphere Information Server 11.7 is affected by a weak password ...)
+ TODO: check
CVE-2018-1517 (A flaw in the java.math component in IBM SDK, Java Technology Edition ...)
NOT-FOR-US: IBM JDK
CVE-2018-1516
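Review bot: CVE-2018-1518 moves from RESERVED to "TODO: check" with no package line or NOT-FOR-US tag, so it stays open for triage. The next entry, CVE-2018-1517, is closed as "NOT-FOR-US: IBM JDK"; once IBM InfoSphere Information Server has been checked, the TODO should be replaced with a tag in that same form or with the affected package line.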
@@ -102731,8 +102742,7 @@ CVE-2016-9071 (Content Security Policy combined with HTTP to HTTPS redirection c
CVE-2016-9070 (A maliciously crafted page loaded to the sidebar through a bookmark ...)
- firefox 50.0-1
- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
-CVE-2016-9069
- RESERVED
+CVE-2016-9069 (A use-after-free in nsINode::ReplaceOrInsertBefore during DOM ...)
- firefox 50.0-1
CVE-2016-9068 (A use-after-free during web animations when working with timelines ...)
- firefox 50.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d3b0fdc537d111bb3aca542e130276468f9c7e4