[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 5 21:10:26 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd556c47 by security tracker role at 2018-09-05T20:10:18Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,59 @@
+CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager ...)
+	TODO: check
+CVE-2018-16544
+	RESERVED
+CVE-2018-16538
+	RESERVED
+CVE-2018-16537
+	RESERVED
+CVE-2018-16536
+	RESERVED
+CVE-2018-16535
+	RESERVED
+CVE-2018-16534
+	RESERVED
+CVE-2018-16533
+	RESERVED
+CVE-2018-16532
+	RESERVED
+CVE-2018-16531
+	RESERVED
+CVE-2018-16530
+	RESERVED
+CVE-2018-16529
+	RESERVED
+CVE-2018-16528
+	RESERVED
+CVE-2018-16527
+	RESERVED
+CVE-2018-16526
+	RESERVED
+CVE-2018-16525
+	RESERVED
+CVE-2018-16524
+	RESERVED
+CVE-2018-16523
+	RESERVED
+CVE-2018-16522
+	RESERVED
+CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry ...)
+	TODO: check
+CVE-2018-16520
+	RESERVED
+CVE-2018-16519
+	RESERVED
+CVE-2018-16518 (A directory traversal vulnerability with remote code execution in ...)
+	TODO: check
+CVE-2018-16517
+	RESERVED
+CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
+	TODO: check
+CVE-2018-16514
+	RESERVED
 CVE-2018-XXXX [Interger overflow while running jhead]
 	- jhead <unfixed> (bug #907925)
 CVE-2018-16515
+	RESERVED
 	- matrix-synapse <unfixed> (bug #908044)
 	NOTE: https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
 CVE-2018-16512
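
Review bot: the context entry `CVE-2018-XXXX [Interger overflow while running jhead]`, directly above the new `RESERVED` line for CVE-2018-16515, carries a typo in its bracketed working title ("Interger" for "Integer"); since this hunk already touches the surrounding lines, a follow-up could correct it to `CVE-2018-XXXX [Integer overflow while running jhead]` so the placeholder is found when someone searches for the real CVE text later.
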
@@ -1391,7 +1444,7 @@ CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
 	NOTE: https://www.kb.cert.org/vuls/id/332928
-CVE-2018-15910 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply ...)
+CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
 	NOTE: https://www.kb.cert.org/vuls/id/332928
@@ -1480,27 +1533,27 @@ CVE-2018-15878
 	RESERVED
 CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary ...)
 	NOT-FOR-US: Joomla addon
-CVE-2018-16543
+CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution ...)
 	- ghostscript <unfixed>
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
-CVE-2018-16542
+CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
-CVE-2018-16541
+CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
-CVE-2018-16540
+CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
-CVE-2018-16539
+CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
-CVE-2018-16513
+CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
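
Review bot: CVE-2018-16543 is the only Ghostscript entry in this hunk still recorded as `- ghostscript <unfixed>` with no bug reference, while CVE-2018-16542, CVE-2018-16541, CVE-2018-16540, CVE-2018-16539 and CVE-2018-16513 all point at `9.22~dfsg-3 (bug #907332)`; if upstream commit 5b5536fa88a9e885032bc0df3852c3439399a5c0 from its NOTE line is included in that upload the entry should be brought in line with the others, and if it is not, a bug number would make the outstanding fix trackable.
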
@@ -4451,8 +4504,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
-CVE-2018-14618 [Curl_ntlm_core_mk_nt_hash: return error on too long password]
-	RESERVED
+CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the ...)
 	- curl <unfixed>
 	NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
 	NOTE: https://github.com/curl/curl/issues/2756
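
Review bot: replacing the working title `[Curl_ntlm_core_mk_nt_hash: return error on too long password]` with the official description removes the only mention of the affected function from this entry, and the remaining NOTE lines carry URLs only; consider preserving it as `NOTE: fix in Curl_ntlm_core_mk_nt_hash (return error on too long password)` so the entry stays searchable by function name. The `- curl <unfixed>` line also lacks a Debian bug reference, unlike most package lines elsewhere in this diff.
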
@@ -5060,7 +5112,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334842
 	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
 CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport display ...)
-	{DSA-4270-1}
+	{DSA-4270-1 DLA-1494-1}
 	- gdm3 3.28.2-4
 	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
 	NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
@@ -9246,7 +9298,7 @@ CVE-2018-1000552 (Trovebox version <= 4.0.0-rc6 contains a SQL Injection vuln
 CVE-2018-1000551 (Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling ...)
 	NOT-FOR-US: Trovebox
 CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a ...)
-	{DLA-1441-1}
+	{DSA-4285-1 DLA-1441-1}
 	- sympa 6.2.32~dfsg-1
 	NOTE: https://sympa-community.github.io/security/2018-001.html
 CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration ...)
@@ -14285,6 +14337,7 @@ CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
 CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypting ...)
+	{DLA-1495-1}
 	- git-annex 6.20180626-1
 	[stretch] - git-annex 6.20170101-1+deb9u2
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -14294,6 +14347,7 @@ CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients proces
 	- samba 2:4.8.4+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
 CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration ...)
+	{DLA-1495-1}
 	- git-annex 6.20180626-1
 	[stretch] - git-annex 6.20170101-1+deb9u2
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
@@ -18505,12 +18559,12 @@ CVE-2018-9196
 	RESERVED
 CVE-2018-9195
 	RESERVED
-CVE-2018-9194
-	RESERVED
+CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle ...)
+	TODO: check
 CVE-2018-9193
 	RESERVED
-CVE-2018-9192
-	RESERVED
+CVE-2018-9192 (A plaintext recovery of encrypted messages or a Man-in-the-middle ...)
+	TODO: check
 CVE-2018-9191
 	RESERVED
 CVE-2018-9190
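
Review bot: CVE-2018-9194 and CVE-2018-9192 receive the identical truncated description `A plaintext recovery of encrypted messages or a Man-in-the-middle ...` and both are left at `TODO: check`; the truncated list text cannot distinguish them, so whoever triages should compare the full descriptions and either assign both to the same package with a cross-referencing NOTE or record what separates them.
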
@@ -40715,8 +40769,8 @@ CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0 and
 	NOT-FOR-US: Fortinet
 CVE-2018-1354 (An improper access control vulnerability in Fortinet FortiManager ...)
 	NOT-FOR-US: Fortinet
-CVE-2018-1353
-	RESERVED
+CVE-2018-1353 (An information disclosure vulnerability in Fortinet FortiManager 6.0.1 ...)
+	TODO: check
 CVE-2018-1352
 	RESERVED
 CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager ...)
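
Review bot: CVE-2018-1353 is flagged `TODO: check` although its description names Fortinet FortiManager, and the adjacent entries CVE-2018-1355 and CVE-2018-1354 in this same hunk are already `NOT-FOR-US: Fortinet`; the triage can most likely follow them directly with `NOT-FOR-US: Fortinet`.
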
@@ -57008,7 +57062,8 @@ CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, ...)
 	NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android application
 CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, ...)
 	NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery iOS application
-CVE-2017-13103 (Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for ...)
+CVE-2017-13103
+	REJECTED
 	NOT-FOR-US: Pinterest iOS application
 CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS ...)
 	NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS application
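
Review bot: CVE-2017-13103 is now marked `REJECTED` but the `NOT-FOR-US: Pinterest iOS application` line is kept underneath it; a rejected identifier needs no Debian triage state, so the NOT-FOR-US line is redundant and could be dropped in a follow-up.
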
@@ -57457,7 +57512,7 @@ CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection
 CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
 	NOT-FOR-US: Nimbus JOSE + JWT
 CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute ...)
-	{DSA-4010-1 DLA-1144-1}
+	{DSA-4010-1 DLA-1495-1 DLA-1144-1}
 	- git-annex 6.20170818-1 (bug #873088)
 	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
 	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
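
Review bot: the advisory list becomes `{DSA-4010-1 DLA-1495-1 DLA-1144-1}`, which places the newly added DLA-1495-1 ahead of the older DLA-1144-1, whereas the other DLA addition to an existing list in this diff appends at the end (`{DSA-4270-1 DLA-1494-1}`); `{DSA-4010-1 DLA-1144-1 DLA-1495-1}` would keep the references in chronological order.
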
@@ -79351,6 +79406,7 @@ CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x b
 CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through ...)
 	NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
 CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a ...)
+	{DLA-1493-1}
 	- xen 4.8.1-1 (bug #856229)
 	[wheezy] - xen <no-dsa> (Minor issue)
 	NOTE: https://xenbits.xen.org/xsa/advisory-207.html
@@ -99777,8 +99833,7 @@ CVE-2016-1000234
 	RESERVED
 CVE-2016-1000233
 	RESERVED
-CVE-2016-1000232
-	RESERVED
+CVE-2016-1000232 (NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression ...)
 	NOT-FOR-US: nodejs tough-cookie
 	NOTE: https://nodesecurity.io/advisories/130
 CVE-2016-1000231
@@ -106602,8 +106657,7 @@ CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout
 CVE-2016-1000037
 	RESERVED
 	- pagure <itp> (bug #829046)
-CVE-2016-1000030 [X.509 Certificates Improperly Imported]
-	RESERVED
+CVE-2016-1000030 (Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates ...)
 	- pidgin 2.11.0-1 (unimportant)
 	[jessie] - pidgin 2.11.0-0+deb8u1
 	NOTE: http://www.pidgin.im/news/security/?id=91
@@ -111440,6 +111494,7 @@ CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the
 	[jessie] - onionshare <not-affected> (Vulnerable code not present)
 	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
 CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS ...)
+	{DLA-1493-1}
 	- xen 4.8.0~rc3-1
 	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, libvirt doesn't have libxl driver enabled)
 	NOTE: http://xenbits.xen.org/xsa/advisory-178.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cd556c470fb83213b48dcb6c78666be95f33a18a
