[Git][security-tracker-team/security-tracker][master] automatic update

Sun Oct 28 20:10:38 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecba9cd1 by security tracker role at 2018-10-28T20:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
+	TODO: check
+CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
+	TODO: check
+CVE-2018-18763
+	RESERVED
+CVE-2018-18762
+	RESERVED
+CVE-2018-18761
+	RESERVED
+CVE-2018-18760
+	RESERVED
+CVE-2018-18759
+	RESERVED
+CVE-2018-18758
+	RESERVED
+CVE-2018-18757
+	RESERVED
+CVE-2018-18756
+	RESERVED
+CVE-2018-18755
+	RESERVED
+CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account ...)
+	TODO: check
+CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via ...)
+	TODO: check
+CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload ...)
+	TODO: check
+CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free ...)
+	TODO: check
 CVE-2018-18750
 	RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an ...)
@@ -450,6 +480,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
 CVE-2018-18558
 	RESERVED
 CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a ...)
+	{DLA-1557-1}
 	- tiff 4.0.9+git181026-1 (bug #911635)
 	- tiff3 <removed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
@@ -496,6 +527,7 @@ CVE-2018-18540 (TeaKKi 2.7 allows XSS via a crafted onerror attribute for a pict
 CVE-2018-18539
 	RESERVED
 CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. There ...)
+	{DSA-4329-1}
 	- teeworlds 0.7.0-1 (bug #911487)
 	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
 	NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544
@@ -4009,11 +4041,13 @@ CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13.
 CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
 	NOT-FOR-US: QuickAppsCMS
 CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
+	{DLA-1557-1}
 	- tiff 4.0.9+git181026-1 (bug #909037)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
 	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
 CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
+	{DLA-1557-1}
 	- tiff 4.0.9+git181026-1 (bug #909038)
 	- tiff3 <removed>
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecba9cd10797d80f238a279c0000f06cf8a0bc3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecba9cd10797d80f238a279c0000f06cf8a0bc3f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181028/c65f5cb9/attachment-0001.html>
