[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 22 21:10:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8ca9604 by security tracker role at 2018-10-22T20:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2018-18575
+ RESERVED
+CVE-2018-18574
+ RESERVED
+CVE-2018-18573
+ RESERVED
+CVE-2018-18572
+ RESERVED
+CVE-2018-18571
+ RESERVED
+CVE-2018-18570
+ RESERVED
+CVE-2018-18569
+ RESERVED
+CVE-2018-18568
+ RESERVED
+CVE-2018-18567
+ RESERVED
+CVE-2018-18566
+ RESERVED
+CVE-2018-18565
+ RESERVED
+CVE-2018-18564
+ RESERVED
+CVE-2018-18563
+ RESERVED
+CVE-2018-18562
+ RESERVED
+CVE-2018-18561
+ RESERVED
+CVE-2018-18560
+ RESERVED
+CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due to a ...)
+ TODO: check
+CVE-2018-18558
+ RESERVED
+CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a ...)
+ TODO: check
CVE-2018-XXXX [out of bounds memory read in MED files]
- libopenmpt 0.3.13-1 (bug #911584)
NOTE: https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/
@@ -639,6 +677,7 @@ CVE-2018-18286
CVE-2018-18285
RESERVED
CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
+ {DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #911175)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
@@ -1255,7 +1294,7 @@ CVE-2018-18076
RESERVED
CVE-2018-18075 (WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or ...)
NOT-FOR-US: WikidForum
-CVE-2018-18074 (The Requests package through 2.19.1 before 2018-09-14 for Python sends ...)
+CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP ...)
- requests <unfixed> (low; bug #910766)
[stretch] - requests <no-dsa> (Minor issue)
[jessie] - requests <postponed> (Minor issue)
@@ -1263,6 +1302,7 @@ CVE-2018-18074 (The Requests package through 2.19.1 before 2018-09-14 for Python
NOTE: https://github.com/requests/requests/pull/4718
NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection ...)
+ {DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910758)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -1575,6 +1615,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c be
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
+ {DLA-1552-1}
- ghostscript 9.25~dfsg-3 (bug #910678)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -7012,10 +7053,10 @@ CVE-2018-15706
RESERVED
CVE-2018-15705
RESERVED
-CVE-2018-15704
- RESERVED
-CVE-2018-15703
- RESERVED
+CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer ...)
+ TODO: check
+CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple ...)
+ TODO: check
CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
NOT-FOR-US: TP-Link
CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is ...)
@@ -15749,8 +15790,8 @@ CVE-2018-12247 (An issue was discovered in mruby 1.4.1. There is a NULL pointer
NOTE: Introduced by: https://github.com/mruby/mruby/commit/f408143c289b8017883294f13d36d43b50c8bc5d
NOTE: Fixed by: https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2
NOTE: https://github.com/mruby/mruby/issues/4036
-CVE-2018-12246
- RESERVED
+CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a ...)
+ TODO: check
CVE-2018-12245
RESERVED
CVE-2018-12244
@@ -44879,8 +44920,8 @@ CVE-2018-1852
RESERVED
CVE-2018-1851
RESERVED
-CVE-2018-1850
- RESERVED
+CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 ...)
+ TODO: check
CVE-2018-1849
RESERVED
CVE-2018-1848
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ca9604c5691ae3c488c10999ec76451d2e8cb5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ca9604c5691ae3c488c10999ec76451d2e8cb5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181022/1f3442f0/attachment.html>
More information about the debian-security-tracker-commits
mailing list