[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 13 21:10:30 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0152ff51 by security tracker role at 2018-09-13T20:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 ...)
+ TODO: check
+CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router through ...)
+ TODO: check
+CVE-2018-17021 (Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with ...)
+ TODO: check
+CVE-2018-17020 (ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow ...)
+ TODO: check
+CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names command ...)
+ TODO: check
+CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17017 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17016 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17015 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17014 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17013 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17012 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17011 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17010 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17009 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17008 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17007 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17006 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
+ TODO: check
+CVE-2018-17003
+ RESERVED
+CVE-2018-17002
+ RESERVED
+CVE-2018-17001
+ RESERVED
+CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
+ TODO: check
+CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write ...)
+ TODO: check
+CVE-2018-16998
+ RESERVED
+CVE-2018-16997
+ RESERVED
+CVE-2018-16996
+ RESERVED
+CVE-2018-16995
+ RESERVED
+CVE-2018-16994
+ RESERVED
+CVE-2018-16993
+ RESERVED
+CVE-2018-16992
+ RESERVED
+CVE-2018-16991
+ RESERVED
+CVE-2018-16990
+ RESERVED
+CVE-2018-16989
+ RESERVED
+CVE-2018-16988
+ RESERVED
+CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...)
+ TODO: check
+CVE-2018-16986
+ RESERVED
+CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was ...)
+ TODO: check
+CVE-2018-16984
+ RESERVED
CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ...)
- mozilla-noscript <unfixed> (unimportant)
NOTE: This is not a security issue in NoScript by itself
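Review bot: The fifteen TP-Link TL-WR886N entries (CVE-2018-17004 to CVE-2018-17018) and the four ASUS GT-AC5300 entries (CVE-2018-17020 to CVE-2018-17023) all land as "TODO: check" with near-identical truncated descriptions. They describe router firmware, so they can be resolved together in one pass as NOT-FOR-US, the way other vendor products are marked elsewhere in this file. That leaves the entries naming software components for individual triage: CVE-2018-17019 (Bro), CVE-2018-17000 (_TIFFmemcmp at tif_unix.c), CVE-2018-16999 (NASM), CVE-2018-16987 (Squash TM) and CVE-2018-16985 (Lizard).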
@@ -408,8 +488,8 @@ CVE-2018-16798
RESERVED
CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 ...)
NOT-FOR-US: PotPlayer
-CVE-2018-16796
- RESERVED
+CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files ...)
+ TODO: check
CVE-2018-16795
RESERVED
CVE-2018-16794
@@ -417,6 +497,7 @@ CVE-2018-16794
CVE-2018-16793
RESERVED
CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
+ {DLA-1504-1}
- ghostscript <unfixed>
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
@@ -521,34 +602,29 @@ CVE-2018-16747
RESERVED
CVE-2018-16746
RESERVED
-CVE-2018-16745 [buffer overflow in faxrec]
- RESERVED
+CVE-2018-16745 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() ...)
- mgetty <unfixed>
[stretch] - mgetty <no-dsa> (Minor issue)
[jessie] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
-CVE-2018-16744 [command injection in faxrec.c]
- RESERVED
+CVE-2018-16744 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() ...)
- mgetty <unfixed>
[stretch] - mgetty <no-dsa> (Minor issue)
[jessie] - mgetty <no-dsa> (Minor issue)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1)
-CVE-2018-16743 [stack-based buffer overflow with long username in contrib/next-login/login.c]
- RESERVED
+CVE-2018-16743 (An issue was discovered in mgetty before 1.2.1. In ...)
- mgetty <unfixed> (unimportant)
NOTE: contrib/next-login/ not built in Debian packaging
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1)
-CVE-2018-16742 [stack-based buffer overflow with long arguments in contrib/scrts.c]
- RESERVED
+CVE-2018-16742 (An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a ...)
- mgetty <unfixed> (unimportant)
NOTE: contrib/scrts not built in Debian packaging
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1)
-CVE-2018-16741 [shell injection via faxq-helper]
- RESERVED
+CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, ...)
{DSA-4291-1 DLA-1502-1}
- mgetty <unfixed>
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
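Review bot: The replacement description lines for CVE-2018-16745 and CVE-2018-16744 are identical after truncation ("An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() ..."), so the file no longer says which is the buffer overflow in faxrec and which is the command injection in faxrec.c. Suggest carrying the removed bracketed summaries over as NOTE lines under each of the five mgetty entries, since the x41 advisory URL is the same for all of them and does not disambiguate either.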
@@ -2518,25 +2594,26 @@ CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through
[jessie] - openssh <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...)
+ {DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
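Review bot: CVE-2018-15909 gets only "{DLA-1504-1}", while CVE-2018-15911, CVE-2018-15910 and CVE-2018-15908 in the same hunk carry "{DSA-4288-1 DLA-1504-1}", although all four share the fixed-version line "- ghostscript 9.22~dfsg-3 (bug #907332)". If DSA-4288-1 did not cover CVE-2018-15909, a stretch status line under the entry would make that explicit. Otherwise the DSA reference is missing from the tag.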
@@ -2623,22 +2700,22 @@ CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetres
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
@@ -2647,12 +2724,12 @@ CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply cra
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
NOTE: Cf. https://bugs.debian.org/908300
CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
@@ -2663,6 +2740,7 @@ CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
+ {DLA-1504-1}
- ghostscript <unfixed> (bug #907332; bug #907703)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
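Review bot: CVE-2018-16509 is tagged "{DLA-1504-1}" while the entry stays at "- ghostscript <unfixed> (bug #907332; bug #907703)" and its own note further down reads "Partially fixed in 9.22~dfsg-3, see #907703". Worth confirming that the DLA ships the complete fix rather than the partial one, and recording that in a NOTE so the tag is not read as equivalent to the partial state.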
@@ -2671,7 +2749,7 @@ CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
NOTE: Partially fixed in 9.22~dfsg-3, see #907703
CVE-2018-16585 (An issue was discovered in Artifex Ghostscript before 9.24. The ...)
- {DSA-4288-1}
+ {DSA-4288-1 DLA-1504-1}
- ghostscript <unfixed> (bug #908305)
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
@@ -4015,8 +4093,8 @@ CVE-2018-15312
RESERVED
CVE-2018-15311
RESERVED
-CVE-2018-15310
- RESERVED
+CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
+ TODO: check
CVE-2018-XXXX [libykneomgr memory corruption]
- libykneomgr <unfixed> (low; bug #906138)
[stretch] - libykneomgr <no-dsa> (Minor issue)
@@ -13273,6 +13351,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
NOTE: Not covered by security support
NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...)
+ {DLA-1504-1}
- ghostscript 9.21~dfsg-1 (low)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
@@ -30732,16 +30811,16 @@ CVE-2015-9247 (An issue was discovered in Skybox Platform before 7.5.401. Reflec
NOT-FOR-US: Skybox Platform
CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.201. Remote ...)
NOT-FOR-US: Skybox Platform
-CVE-2018-5549
- RESERVED
-CVE-2018-5548
- RESERVED
+CVE-2018-5549 (On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and ...)
+ TODO: check
+CVE-2018-5548 (On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for ...)
+ TODO: check
CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior to ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM client prior ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2018-5545
- RESERVED
+CVE-2018-5545 (On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated ...)
+ TODO: check
CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain ...)
NOT-FOR-US: F5 BIG-IP
CVE-2018-5543 (The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) ...)
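Review bot: CVE-2018-5549 and CVE-2018-5548 (BIG-IP APM) come in as "TODO: check" directly above CVE-2018-5547 and CVE-2018-5546, which are already resolved as "NOT-FOR-US: F5 BIG-IP". The same resolution should apply to them, and to CVE-2018-5545 (F5 WebSafe Alert Server) and CVE-2018-15310 from the earlier hunk, so the four F5 entries can be closed together at triage.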
@@ -40959,8 +41038,8 @@ CVE-2018-1700
RESERVED
CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL ...)
NOT-FOR-US: IBM
-CVE-2018-1698
- RESERVED
+CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an ...)
+ TODO: check
CVE-2018-1697
RESERVED
CVE-2018-1696
@@ -42369,8 +42448,8 @@ CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and ve
NOT-FOR-US: Apache Storm
CVE-2018-1331 (In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 ...)
NOT-FOR-US: Apache Storm
-CVE-2018-1330
- RESERVED
+CVE-2018-1330 (When parsing a malformed JSON payload, libprocess in Apache Mesos ...)
+ TODO: check
CVE-2018-1329
REJECTED
CVE-2018-1328
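Review bot: CVE-2018-1330 (libprocess in Apache Mesos) is inserted between Apache Storm entries marked "NOT-FOR-US: Apache Storm", but it concerns a different product, so the neighbouring resolution should not be copied across. Check whether Mesos is packaged or has an ITP filed, and choose between NOT-FOR-US and an <itp> entry accordingly.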
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0152ff51e58ee2deb4dcd6f2955c81fa1ddeba97