[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Sep 8 09:10:23 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eee846ed by security tracker role at 2018-09-08T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2018-16714
+	RESERVED
+CVE-2018-16713
+	RESERVED
+CVE-2018-16712
+	RESERVED
+CVE-2018-16711
+	RESERVED
 CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to ...)
 	- octoprint <itp> (bug #718591)
 	NOTE: https://github.com/foosel/OctoPrint/issues/2814
@@ -581,8 +589,8 @@ CVE-2018-16456
 	RESERVED
 CVE-2018-16455
 	RESERVED
-CVE-2018-16454
-	RESERVED
+CVE-2018-16454 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
+	TODO: check
 CVE-2018-16453
 	RESERVED
 CVE-2018-16452
@@ -855,8 +863,8 @@ CVE-2018-16365 (An issue discovered in idreamsoft iCMS V7.0.10. ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-16364
 	RESERVED
-CVE-2018-16363
-	RESERVED
+CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via ...)
+	TODO: check
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
 	NOT-FOR-US: Mantis plugin
 CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...)
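Review bot: The new `TODO: check` under CVE-2018-16363 leaves the entry untriaged, although the description already names the product (the mndpsingh287 File Manager plugin for WordPress). The neighbouring entries in this hunk resolve third-party web software with `NOT-FOR-US: idreamsoft iCMS` and `NOT-FOR-US: Mantis plugin`; if the plugin is not packaged in Debian, a follow-up commit should replace the TODO with a `NOT-FOR-US:` line in the same form. The same follow-up applies to the other `TODO: check` lines this update introduces.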
@@ -1467,54 +1475,67 @@ CVE-2018-16086
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16085
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16084
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16083
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16082
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16081
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16080
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16079
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16078
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16077
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16076
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16075
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16074
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16073
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16072
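Review bot: Each of the thirteen entries from CVE-2018-16085 to CVE-2018-16073 now carries `{DSA-4289-1}`, but the only status lines visible are the unstable version `69.0.3497.81-1` and the `[jessie] ... <end-of-life>` marker, so nothing in this file says which version fixed the supported stable release. This commit changes only data/CVE/list, so confirm that the DSA-4289-1 record elsewhere in the repository carries the release-specific fixed version and lists exactly the CVEs tagged here and in the next hunk.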
@@ -1522,30 +1543,37 @@ CVE-2018-16072
 	- chromium-browser <not-affected> (Android-specific)
 CVE-2018-16071
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16070
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16069
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16068
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16067
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16066
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16065
 	RESERVED
+	{DSA-4289-1}
 	- chromium-browser 69.0.3497.81-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 CVE-2018-16064
@@ -1562,8 +1590,8 @@ CVE-2018-16061
 	RESERVED
 CVE-2018-16060
 	RESERVED
-CVE-2018-16059
-	RESERVED
+CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow ...)
+	TODO: check
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
 	- wireshark 2.6.3-1 (low)
 	[stretch] - wireshark <no-dsa> (Minor issue)
@@ -1877,11 +1905,13 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through
 	[jessie] - openssh <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
 CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
 	NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
@@ -1893,6 +1923,7 @@ CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
 	NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
@@ -1974,30 +2005,37 @@ CVE-2018-15878
 CVE-2017-18345 (The Joomanager component through 2.0.0 for Joomla! has an arbitrary ...)
 	NOT-FOR-US: Joomla addon
 CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution ...)
+	{DSA-4288-1}
 	- ghostscript <unfixed>
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
 CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
 CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
 CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
 CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
 CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
 CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type ...)
+	{DSA-4288-1}
 	- ghostscript 9.22~dfsg-3 (bug #907332)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
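Review bot: CVE-2018-16543 gains `{DSA-4288-1}` while its only status line is still `- ghostscript <unfixed>`, unlike the other entries in this hunk, which record `9.22~dfsg-3 (bug #907332)`. That combination is valid when the advisory fixes stable before unstable, but the entry will keep reporting unstable as vulnerable until `<unfixed>` is replaced with the fixed version; the same applies to CVE-2018-16585 in the next hunk. Check whether an unstable upload fixing these two is already available and, if so, update both lines in one follow-up.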
@@ -2014,6 +2052,7 @@ CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
 	NOTE: Partially fixed in 9.22~dfsg-3, see #907703
 CVE-2018-16585 (An issue was discovered in Artifex Ghostscript before 9.24. The ...)
+	{DSA-4288-1}
 	- ghostscript <unfixed>
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
@@ -2866,8 +2905,8 @@ CVE-2018-15554
 	RESERVED
 CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices ...)
 	NOT-FOR-US: Telus
-CVE-2018-15552
-	RESERVED
+CVE-2018-15552 (The "PayWinner" function of a simplelottery smart contract ...)
+	TODO: check
 CVE-2018-15551
 	RESERVED
 CVE-2018-15550
@@ -3004,14 +3043,14 @@ CVE-2018-15488
 	RESERVED
 CVE-2018-15487
 	RESERVED
-CVE-2018-15486
-	RESERVED
-CVE-2018-15485
-	RESERVED
-CVE-2018-15484
-	RESERVED
-CVE-2018-15483
-	RESERVED
+CVE-2018-15486 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+	TODO: check
+CVE-2018-15485 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+	TODO: check
+CVE-2018-15484 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+	TODO: check
+CVE-2018-15483 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
+	TODO: check
 CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect ...)
 	NOT-FOR-US: LG devices specific issue
 CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
@@ -3028,8 +3067,8 @@ CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, W
 	NOT-FOR-US: myStrom
 CVE-2018-15475
 	RESERVED
-CVE-2018-15474
-	RESERVED
+CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula ...)
+	TODO: check
 CVE-2018-15472
 	RESERVED
 CVE-2018-15467
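Review bot: CVE-2018-15474 arrives marked `** DISPUTED **`, and the truncated description stops before it names the affected product, so `TODO: check` cannot be resolved from this line alone. Whoever triages it should read the full CVE text and still record a package or `NOT-FOR-US:` line; the disputed flag does not remove the need for one, as the CVE-2018-16710 entry in the first hunk shows by keeping `- octoprint <itp> (bug #718591)` under a disputed description.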
@@ -5623,12 +5662,12 @@ CVE-2018-14400
 	REJECTED
 CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
 	NOT-FOR-US: PHPCMS
-CVE-2018-14398
-	RESERVED
-CVE-2018-14397
-	RESERVED
-CVE-2018-14396
-	RESERVED
+CVE-2018-14398 (An issue was discovered in Creme CRM 1.6.12. The value of the cancel ...)
+	TODO: check
+CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization creation ...)
+	TODO: check
+CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation ...)
+	TODO: check
 CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...)
 	{DSA-4258-1}
 	- ffmpeg 7:4.0.2-1
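Review bot: The three new entries CVE-2018-14398, CVE-2018-14397 and CVE-2018-14396 all name "Creme CRM 1.6.12", and CVE-2018-9283 further down describes the same version as "CremeCRM 1.6.12", so a search for one spelling will miss the other. Triage the four together and give them an identical status line so they stay consistent.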
@@ -9120,8 +9159,8 @@ CVE-2018-12899
 	RESERVED
 CVE-2018-12898
 	RESERVED
-CVE-2018-12897
-	RESERVED
+CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer ...)
+	TODO: check
 CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
@@ -10670,18 +10709,21 @@ CVE-2018-12379
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
 CVE-2018-12378
 	RESERVED
+	{DSA-4287-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12378
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
 CVE-2018-12377
 	RESERVED
+	{DSA-4287-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12377
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
 CVE-2018-12376
 	RESERVED
+	{DSA-4287-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376
@@ -18731,8 +18773,8 @@ CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68
 	NOT-FOR-US: ASUS
 CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub ...)
 	NOT-FOR-US: D-Link
-CVE-2018-9283
-	RESERVED
+CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 ...)
+	TODO: check
 CVE-2018-9282
 	RESERVED
 CVE-2018-9281
@@ -38919,8 +38961,8 @@ CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does not
 	NOT-FOR-US: Techno - Portfolio Management Panel
 CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass ...)
 	NOT-FOR-US: Samsung Internet Browser
-CVE-2017-17691
-	RESERVED
+CVE-2017-17691 (Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses ...)
+	TODO: check
 CVE-2017-17690
 	RESERVED
 CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eee846ed48682b38625d9009d651c65214a68e7b
