[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 8 09:10:23 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eee846ed by security tracker role at 2018-09-08T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2018-16714
+ RESERVED
+CVE-2018-16713
+ RESERVED
+CVE-2018-16712
+ RESERVED
+CVE-2018-16711
+ RESERVED
CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to ...)
- octoprint <itp> (bug #718591)
NOTE: https://github.com/foosel/OctoPrint/issues/2814
@@ -581,8 +589,8 @@ CVE-2018-16456
RESERVED
CVE-2018-16455
RESERVED
-CVE-2018-16454
- RESERVED
+CVE-2018-16454 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
+ TODO: check
CVE-2018-16453
RESERVED
CVE-2018-16452
@@ -855,8 +863,8 @@ CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364
RESERVED
-CVE-2018-16363
- RESERVED
+CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via ...)
+ TODO: check
CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
NOT-FOR-US: Mantis plugin
CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...)
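Review bot: The `TODO: check` added under CVE-2018-16363 leaves a third-party WordPress plugin untriaged. Check whether the wordpress source package ships the mndpsingh287 File Manager plugin; if it does not, resolve the entry as NOT-FOR-US in the same style as the `NOT-FOR-US: Mantis plugin` line just below it, so it does not linger in the TODO queue.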
@@ -1467,54 +1475,67 @@ CVE-2018-16086
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16085
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16084
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16083
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16082
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16081
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16080
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16079
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16078
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16077
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16076
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16075
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16074
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16073
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16072
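Review bot: The thirteen entries tagged `{DSA-4289-1}` in this hunk (CVE-2018-16085 down to CVE-2018-16073) still read RESERVED and carry no NOTE line, so the DSA cross-reference and the fixed version 69.0.3497.81-1 are the only information a reader gets. Consider adding a NOTE with the upstream reference to each entry, as the firefox entries in this file do with their MFSA links.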
@@ -1522,30 +1543,37 @@ CVE-2018-16072
- chromium-browser <not-affected> (Android-specific)
CVE-2018-16071
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16070
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16069
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16068
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16067
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16066
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16065
RESERVED
+ {DSA-4289-1}
- chromium-browser 69.0.3497.81-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
CVE-2018-16064
@@ -1562,8 +1590,8 @@ CVE-2018-16061
RESERVED
CVE-2018-16060
RESERVED
-CVE-2018-16059
- RESERVED
+CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow ...)
+ TODO: check
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
- wireshark 2.6.3-1 (low)
[stretch] - wireshark <no-dsa> (Minor issue)
@@ -1877,11 +1905,13 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through
[jessie] - openssh <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
@@ -1893,6 +1923,7 @@ CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
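Review bot: CVE-2018-15909, which sits between this hunk and the previous one, is not given a `{DSA-4288-1}` line by this commit, while CVE-2018-15911, CVE-2018-15910 and CVE-2018-15908 around it are. Confirm against the advisory that the omission is intended and not a missed tag; if the issue is deliberately outside the DSA, a NOTE on that entry saying why would help.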
@@ -1974,30 +2005,37 @@ CVE-2018-15878
CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary ...)
NOT-FOR-US: Joomla addon
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution ...)
+ {DSA-4288-1}
- ghostscript <unfixed>
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type ...)
+ {DSA-4288-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
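Review bot: CVE-2018-16543 now carries `{DSA-4288-1}` while its unstable line is still `- ghostscript <unfixed>` with no bug number, unlike the other six entries in this hunk, which all point at bug #907332. Add the bug reference for the unstable fix so the open status in sid stays tracked now that the DSA tag indicates a fix in stable.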
@@ -2014,6 +2052,7 @@ CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
NOTE: Partially fixed in 9.22~dfsg-3, see #907703
CVE-2018-16585 (An issue was discovered in Artifex Ghostscript before 9.24. The ...)
+ {DSA-4288-1}
- ghostscript <unfixed>
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
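Review bot: CVE-2018-16585 is tagged `{DSA-4288-1}` with `- ghostscript <unfixed>` and two upstream commitdiff NOTE lines. When the unstable version is filled in, verify that the upload contains both commits listed in those NOTE lines, since a version recorded after only one of them would mark the entry fixed too early.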
@@ -2866,8 +2905,8 @@ CVE-2018-15554
RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices ...)
NOT-FOR-US: Telus
-CVE-2018-15552
- RESERVED
+CVE-2018-15552 (The "PayWinner" function of a simplelottery smart contract ...)
+ TODO: check
CVE-2018-15551
RESERVED
CVE-2018-15550
@@ -3004,14 +3043,14 @@ CVE-2018-15488
RESERVED
CVE-2018-15487
RESERVED
-CVE-2018-15486
- RESERVED
-CVE-2018-15485
- RESERVED
-CVE-2018-15484
- RESERVED
-CVE-2018-15483
- RESERVED
+CVE-2018-15486 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+ TODO: check
+CVE-2018-15485 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+ TODO: check
+CVE-2018-15484 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+ TODO: check
+CVE-2018-15483 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+ TODO: check
CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect ...)
NOT-FOR-US: LG devices specific issue
CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
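Review bot: The four KONE Group Controller (KGC) entries, CVE-2018-15486 to CVE-2018-15483, are added with `TODO: check` although they describe device issues of the kind the next entry already resolves as `NOT-FOR-US: LG devices specific issue`. Triage them together with one consistent string, for example `NOT-FOR-US: KONE Group Controller (KGC)`, so the four lines do not diverge.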
@@ -3028,8 +3067,8 @@ CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, W
NOT-FOR-US: myStrom
CVE-2018-15475
RESERVED
-CVE-2018-15474
- RESERVED
+CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula ...)
+ TODO: check
CVE-2018-15472
RESERVED
CVE-2018-15467
@@ -5623,12 +5662,12 @@ CVE-2018-14400
REJECTED
CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
NOT-FOR-US: PHPCMS
-CVE-2018-14398
- RESERVED
-CVE-2018-14397
- RESERVED
-CVE-2018-14396
- RESERVED
+CVE-2018-14398 (An issue was discovered in Creme CRM 1.6.12. The value of the cancel ...)
+ TODO: check
+CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization creation ...)
+ TODO: check
+CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation ...)
+ TODO: check
CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
{DSA-4258-1}
- ffmpeg 7:4.0.2-1
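Review bot: CVE-2018-14398, CVE-2018-14397 and CVE-2018-14396 all name Creme CRM 1.6.12, and the later hunk for CVE-2018-9283 names the same release as "CremeCRM". Resolve all four `TODO: check` lines in one pass with the same outcome and the same product spelling, otherwise a search of the list for one spelling will miss the other entries.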
@@ -9120,8 +9159,8 @@ CVE-2018-12899
RESERVED
CVE-2018-12898
RESERVED
-CVE-2018-12897
- RESERVED
+CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer ...)
+ TODO: check
CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
@@ -10670,18 +10709,21 @@ CVE-2018-12379
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
CVE-2018-12378
RESERVED
+ {DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12378
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
CVE-2018-12377
RESERVED
+ {DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12377
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
CVE-2018-12376
RESERVED
+ {DSA-4287-1}
- firefox 62.0-1
- firefox-esr 60.2.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376
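Review bot: CVE-2018-12379, whose last NOTE line opens this hunk and points at mfsa2018-21 like the three entries below it, gets no `{DSA-4287-1}` line in this commit. Confirm against the advisory whether it is covered; if it is left out on purpose, record the reason in a NOTE on that entry so the gap next to CVE-2018-12378, CVE-2018-12377 and CVE-2018-12376 is explained.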
@@ -18731,8 +18773,8 @@ CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68
NOT-FOR-US: ASUS
CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub ...)
NOT-FOR-US: D-Link
-CVE-2018-9283
- RESERVED
+CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 ...)
+ TODO: check
CVE-2018-9282
RESERVED
CVE-2018-9281
@@ -38919,8 +38961,8 @@ CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does not
NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass ...)
NOT-FOR-US: Samsung Internet Browser
-CVE-2017-17691
- RESERVED
+CVE-2017-17691 (Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses ...)
+ TODO: check
CVE-2017-17690
RESERVED
CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eee846ed48682b38625d9009d651c65214a68e7b