[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 17 09:10:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85008a49 by security tracker role at 2018-09-17T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,109 @@
-CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
-	- ghostscript 9.25~dfsg-1
-	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u5
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
-CVE-2018-17095
+CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
+	TODO: check
+CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
+	TODO: check
+CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS ...)
+	TODO: check
+CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 ...)
+	TODO: check
+CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via ...)
+	TODO: check
+CVE-2018-17135
 	RESERVED
-CVE-2018-17094
+CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+	TODO: check
+CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+	TODO: check
+CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...)
+	TODO: check
+CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ...)
+	TODO: check
+CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
+	TODO: check
+CVE-2018-17129 (MetInfo 6.1.0 has XSS in doexport() in ...)
+	TODO: check
+CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB ...)
+	TODO: check
+CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through ...)
+	TODO: check
+CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by ...)
+	TODO: check
+CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...)
+	TODO: check
+CVE-2018-17124
+	RESERVED
+CVE-2018-17123
+	RESERVED
+CVE-2018-17122
+	RESERVED
+CVE-2018-17121
 	RESERVED
-CVE-2018-17093
+CVE-2018-17120
 	RESERVED
-CVE-2018-17092
+CVE-2018-17119
 	RESERVED
-CVE-2018-17091
+CVE-2018-17118
 	RESERVED
-CVE-2018-17090
+CVE-2018-17117
 	RESERVED
+CVE-2018-17116
+	RESERVED
+CVE-2018-17115
+	RESERVED
+CVE-2018-17114
+	RESERVED
+CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf ...)
+	TODO: check
+CVE-2018-17112
+	RESERVED
+CVE-2018-17111
+	RESERVED
+CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ ...)
+	TODO: check
+CVE-2018-17109
+	RESERVED
+CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
+	TODO: check
+CVE-2018-17107
+	RESERVED
+CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
+	TODO: check
+CVE-2018-17105
+	RESERVED
+CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack ...)
+	TODO: check
+CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...)
+	TODO: check
+CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through ...)
+	TODO: check
+CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
+	TODO: check
+CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
+	TODO: check
+CVE-2018-17099
+	RESERVED
+CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
+	TODO: check
+CVE-2018-17097 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
+	TODO: check
+CVE-2018-17096 (The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli ...)
+	TODO: check
+CVE-2018-XXXX [gs 699708: 'Hide' non-replaceable error handlers for SAFER]
+	- ghostscript 9.25~dfsg-1
+	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u5
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
+CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka ...)
+	TODO: check
+CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
+	TODO: check
+CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL ...)
+	TODO: check
+CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in ...)
+	TODO: check
+CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attackers ...)
+	TODO: check
+CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules ...)
+	TODO: check
 CVE-2018-17089
 	RESERVED
 CVE-2018-17087
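Review bot: Every newly described entry in this hunk, from CVE-2018-17140 down to CVE-2018-17090, lands with only "TODO: check" and no package line or NOT-FOR-US marker, so none of them is triaged yet. The library entries (LibTIFF CVE-2018-17101 and CVE-2018-17100, SoundTouch CVE-2018-17096 to CVE-2018-17098, Audio File Library CVE-2018-17095, xar CVE-2018-17093 and CVE-2018-17094) look like the ones to resolve first. The temporary "CVE-2018-XXXX [gs 699708 ...]" entry is also no longer at the top of the file and now sits between CVE-2018-17096 and CVE-2018-17095; it still needs replacing once an id is assigned.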
@@ -664,7 +754,7 @@ CVE-2018-16794
 CVE-2018-16793
 	RESERVED
 CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
-	{DLA-1504-1}
+	{DSA-4294-1 DLA-1504-1}
 	[experimental] - ghostscript 9.25~dfsg-1~exp1
 	- ghostscript 9.25~dfsg-1
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
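Review bot: CVE-2018-16802 gains the DSA-4294-1 cross-reference here, but the temporary "CVE-2018-XXXX [gs 699708 ...]" ghostscript entry in the first hunk, which already records a stretch fix in 9.20~dfsg-3.2+deb9u5, carries no advisory reference at all. Worth confirming whether that fix shipped in the same advisory and, if so, making sure the temporary entry is cross-referenced as well.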
@@ -1851,7 +1941,7 @@ CVE-2018-16311
 CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
 	NOT-FOR-US: Technicolor
 CVE-2018-16309
-	RESERVED
+	REJECTED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
 	NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi ...)
@@ -2915,7 +3005,7 @@ CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Inco
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
 CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
-	{DLA-1504-1}
+	{DSA-4294-1 DLA-1504-1}
 	[experimental] - ghostscript 9.25~dfsg-1~exp1
 	- ghostscript 9.25~dfsg-1 (bug #907332; bug #907703)
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
@@ -11646,6 +11736,7 @@ CVE-2018-12372
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
 CVE-2018-12371
 	RESERVED
+	{DSA-4295-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
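Review bot: The CVE-2018-12371 entry now references {DSA-4295-1}, but its visible package lines cover only firefox 61.0-1 and thunderbird 1:60.0-1, with no firefox-esr line, whereas CVE-2018-5156 further down does list "- firefox-esr 52.9.0esr-1". Suggest confirming the firefox-esr status is recorded for this entry, and likewise for CVE-2018-12367, CVE-2018-12361 and CVE-2018-5187, which receive the same one-line change. The entry also still reads RESERVED while linking to a published Mozilla advisory.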
@@ -11668,6 +11759,7 @@ CVE-2018-12368
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
 CVE-2018-12367
 	RESERVED
+	{DSA-4295-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
@@ -11719,6 +11811,7 @@ CVE-2018-12362
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
 CVE-2018-12361
 	RESERVED
+	{DSA-4295-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
@@ -32010,6 +32103,7 @@ CVE-2018-5188
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
 CVE-2018-5187
 	RESERVED
+	{DSA-4295-1}
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
@@ -32136,7 +32230,7 @@ CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allow
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
 CVE-2018-5156
 	RESERVED
-	{DSA-4235-1 DLA-1406-1}
+	{DSA-4295-1 DSA-4235-1 DLA-1406-1}
 	- firefox-esr 52.9.0esr-1
 	- firefox 61.0-1
 	- thunderbird 1:60.0-1
@@ -35987,7 +36081,7 @@ CVE-2018-3642
 CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
 	NOT-FOR-US: Intel
 CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
-	{DSA-4273-1 DLA-1446-1}
+	{DSA-4273-2 DSA-4273-1 DLA-1446-1}
 	- intel-microcode 3.20180703.1
 	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
 	NOTE: No software mitigations planned to be implemented in src:linux
@@ -35995,7 +36089,7 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and
 	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
 	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
-	{DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
+	{DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
 	- intel-microcode 3.20180703.1
 	- linux 4.16.12-1
 	[stretch] - linux 4.9.107-1
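Review bot: DSA-4273-2 is added to CVE-2018-3640 and CVE-2018-3639, yet the fixed-version line on both stays at "intel-microcode 3.20180703.1", and the NOTE lines at the top of this hunk say additional CPU models were only supported in the 3.20180807a.1 release. A NOTE stating which intel-microcode release the -2 revision corresponds to would make the two advisory references distinguishable; the CVE-2018-3639 entry has no such note in the visible lines.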
@@ -45832,10 +45926,12 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...)
 	[jessie] - xapian-core <not-affected> (vulnerable code not present)
 	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
 CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
+	{DSA-4296-1}
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
 CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
+	{DSA-4296-1}
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/85008a49ff6c87b842a84cbfec6b906c1155e576
