[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 25 21:10:38 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa1b45aa by security tracker role at 2018-09-25T20:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,453 @@
+CVE-2018-17531
+	RESERVED
+CVE-2018-17530
+	RESERVED
+CVE-2018-17529
+	RESERVED
+CVE-2018-17528
+	RESERVED
+CVE-2018-17527
+	RESERVED
+CVE-2018-17526
+	RESERVED
+CVE-2018-17525
+	RESERVED
+CVE-2018-17524
+	RESERVED
+CVE-2018-17523
+	RESERVED
+CVE-2018-17522
+	RESERVED
+CVE-2018-17521
+	RESERVED
+CVE-2018-17520
+	RESERVED
+CVE-2018-17519
+	RESERVED
+CVE-2018-17518
+	RESERVED
+CVE-2018-17517
+	RESERVED
+CVE-2018-17516
+	RESERVED
+CVE-2018-17515
+	RESERVED
+CVE-2018-17514
+	RESERVED
+CVE-2018-17513
+	RESERVED
+CVE-2018-17512
+	RESERVED
+CVE-2018-17511
+	RESERVED
+CVE-2018-17510
+	RESERVED
+CVE-2018-17509
+	RESERVED
+CVE-2018-17508
+	RESERVED
+CVE-2018-17507
+	RESERVED
+CVE-2018-17506
+	RESERVED
+CVE-2018-17505
+	RESERVED
+CVE-2018-17504
+	RESERVED
+CVE-2018-17503
+	RESERVED
+CVE-2018-17502
+	RESERVED
+CVE-2018-17501
+	RESERVED
+CVE-2018-17500
+	RESERVED
+CVE-2018-17499
+	RESERVED
+CVE-2018-17498
+	RESERVED
+CVE-2018-17497
+	RESERVED
+CVE-2018-17496
+	RESERVED
+CVE-2018-17495
+	RESERVED
+CVE-2018-17494
+	RESERVED
+CVE-2018-17493
+	RESERVED
+CVE-2018-17492
+	RESERVED
+CVE-2018-17491
+	RESERVED
+CVE-2018-17490
+	RESERVED
+CVE-2018-17489
+	RESERVED
+CVE-2018-17488
+	RESERVED
+CVE-2018-17487
+	RESERVED
+CVE-2018-17486
+	RESERVED
+CVE-2018-17485
+	RESERVED
+CVE-2018-17484
+	RESERVED
+CVE-2018-17483
+	RESERVED
+CVE-2018-17482
+	RESERVED
+CVE-2018-17481
+	RESERVED
+CVE-2018-17480
+	RESERVED
+CVE-2018-17479
+	RESERVED
+CVE-2018-17478
+	RESERVED
+CVE-2018-17477
+	RESERVED
+CVE-2018-17476
+	RESERVED
+CVE-2018-17475
+	RESERVED
+CVE-2018-17474
+	RESERVED
+CVE-2018-17473
+	RESERVED
+CVE-2018-17472
+	RESERVED
+CVE-2018-17471
+	RESERVED
+CVE-2018-17470
+	RESERVED
+CVE-2018-17469
+	RESERVED
+CVE-2018-17468
+	RESERVED
+CVE-2018-17467
+	RESERVED
+CVE-2018-17466
+	RESERVED
+CVE-2018-17465
+	RESERVED
+CVE-2018-17464
+	RESERVED
+CVE-2018-17463
+	RESERVED
+CVE-2018-17462
+	RESERVED
+CVE-2018-17461
+	RESERVED
+CVE-2018-17460
+	RESERVED
+CVE-2018-17457
+	RESERVED
+CVE-2018-17456
+	RESERVED
+CVE-2018-17455
+	RESERVED
+CVE-2018-17454
+	RESERVED
+CVE-2018-17453
+	RESERVED
+CVE-2018-17452
+	RESERVED
+CVE-2018-17451
+	RESERVED
+CVE-2018-17450
+	RESERVED
+CVE-2018-17449
+	RESERVED
+CVE-2018-17448
+	RESERVED
+CVE-2018-17447
+	RESERVED
+CVE-2018-17446
+	RESERVED
+CVE-2018-17445
+	RESERVED
+CVE-2018-17444
+	RESERVED
+CVE-2018-17443
+	RESERVED
+CVE-2018-17442
+	RESERVED
+CVE-2018-17441
+	RESERVED
+CVE-2018-17440
+	RESERVED
+CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
+	TODO: check
+CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of ...)
+	TODO: check
+CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
+	TODO: check
+CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ...)
+	TODO: check
+CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
+	TODO: check
+CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of ...)
+	TODO: check
+CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
+	TODO: check
+CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
+	TODO: check
+CVE-2018-17431
+	RESERVED
+CVE-2018-17430
+	RESERVED
+CVE-2018-17429
+	RESERVED
+CVE-2018-17428
+	RESERVED
+CVE-2018-17427
+	RESERVED
+CVE-2018-17426
+	RESERVED
+CVE-2018-17425
+	RESERVED
+CVE-2018-17424
+	RESERVED
+CVE-2018-17423
+	RESERVED
+CVE-2018-17422
+	RESERVED
+CVE-2018-17421
+	RESERVED
+CVE-2018-17420
+	RESERVED
+CVE-2018-17419
+	RESERVED
+CVE-2018-17418
+	RESERVED
+CVE-2018-17417
+	RESERVED
+CVE-2018-17416
+	RESERVED
+CVE-2018-17415
+	RESERVED
+CVE-2018-17414
+	RESERVED
+CVE-2018-17413
+	RESERVED
+CVE-2018-17412
+	RESERVED
+CVE-2018-17411
+	RESERVED
+CVE-2018-17410
+	RESERVED
+CVE-2018-17409
+	RESERVED
+CVE-2018-17408
+	RESERVED
+CVE-2018-17406
+	RESERVED
+CVE-2018-17405
+	RESERVED
+CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
+	TODO: check
+CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+	TODO: check
+CVE-2018-17402 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+	TODO: check
+CVE-2018-17401 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+	TODO: check
+CVE-2018-17400 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through ...)
+	TODO: check
+CVE-2018-17399
+	RESERVED
+CVE-2018-17398
+	RESERVED
+CVE-2018-17397
+	RESERVED
+CVE-2018-17396
+	RESERVED
+CVE-2018-17395
+	RESERVED
+CVE-2018-17394
+	RESERVED
+CVE-2018-17393
+	RESERVED
+CVE-2018-17392
+	RESERVED
+CVE-2018-17391
+	RESERVED
+CVE-2018-17390
+	RESERVED
+CVE-2018-17389
+	RESERVED
+CVE-2018-17388
+	RESERVED
+CVE-2018-17387
+	RESERVED
+CVE-2018-17386
+	RESERVED
+CVE-2018-17385
+	RESERVED
+CVE-2018-17384
+	RESERVED
+CVE-2018-17383
+	RESERVED
+CVE-2018-17382
+	RESERVED
+CVE-2018-17381
+	RESERVED
+CVE-2018-17380
+	RESERVED
+CVE-2018-17379
+	RESERVED
+CVE-2018-17378
+	RESERVED
+CVE-2018-17377
+	RESERVED
+CVE-2018-17376
+	RESERVED
+CVE-2018-17375
+	RESERVED
+CVE-2018-17374
+	RESERVED
+CVE-2018-17373
+	RESERVED
+CVE-2018-17372
+	RESERVED
+CVE-2018-17371
+	RESERVED
+CVE-2018-17370
+	RESERVED
+CVE-2018-17369 (An issue was discovered in springboot_authority through 2017-03-06. ...)
+	TODO: check
+CVE-2018-17368 (An issue was discovered in PublicCMS V4.0.180825. For an invalid login ...)
+	TODO: check
+CVE-2018-17367
+	RESERVED
+CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability ...)
+	TODO: check
+CVE-2018-17365
+	RESERVED
+CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via ...)
+	TODO: check
+CVE-2018-17363
+	RESERVED
+CVE-2018-17362
+	RESERVED
+CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers ...)
+	TODO: check
+CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+	TODO: check
+CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+	TODO: check
+CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+	TODO: check
+CVE-2018-17357
+	RESERVED
+CVE-2018-17356
+	RESERVED
+CVE-2018-17355
+	RESERVED
+CVE-2018-17354
+	RESERVED
+CVE-2018-17353
+	RESERVED
+CVE-2018-17352
+	RESERVED
+CVE-2018-17351
+	RESERVED
+CVE-2018-17350
+	RESERVED
+CVE-2018-17349
+	RESERVED
+CVE-2018-17348
+	RESERVED
+CVE-2018-17347
+	RESERVED
+CVE-2018-17346
+	RESERVED
+CVE-2018-17345
+	RESERVED
+CVE-2018-17344
+	RESERVED
+CVE-2018-17343
+	RESERVED
+CVE-2018-17342
+	RESERVED
+CVE-2018-17341 (BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is ...)
+	TODO: check
+CVE-2018-17340
+	RESERVED
+CVE-2018-17339
+	RESERVED
+CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...)
+	TODO: check
+CVE-2018-17337
+	RESERVED
+CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...)
+	TODO: check
+CVE-2018-17335
+	RESERVED
+CVE-2018-17334 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based ...)
+	TODO: check
+CVE-2018-17333 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based ...)
+	TODO: check
+CVE-2018-17332 (An issue was discovered in libsvg2 through 2012-10-19. The ...)
+	TODO: check
+CVE-2018-17331
+	RESERVED
+CVE-2018-17330
+	RESERVED
+CVE-2018-17329
+	RESERVED
+CVE-2018-17328
+	RESERVED
+CVE-2018-17327
+	RESERVED
+CVE-2018-17326
+	RESERVED
+CVE-2018-17325
+	RESERVED
+CVE-2018-17324
+	RESERVED
+CVE-2018-17323
+	RESERVED
+CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in ...)
+	TODO: check
+CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via ...)
+	TODO: check
+CVE-2018-17319
+	RESERVED
+CVE-2018-17318
+	RESERVED
+CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers ...)
+	TODO: check
+CVE-2018-17316
+	RESERVED
+CVE-2018-17315
+	RESERVED
+CVE-2018-17314
+	RESERVED
+CVE-2018-17313
+	RESERVED
+CVE-2018-17312
+	RESERVED
+CVE-2018-17311
+	RESERVED
+CVE-2018-17310
+	RESERVED
+CVE-2018-17309
+	RESERVED
+CVE-2018-17308
+	RESERVED
+CVE-2018-17307
+	RESERVED
+CVE-2018-17306
+	RESERVED
+CVE-2018-17305
+	RESERVED
+CVE-2018-17304
+	RESERVED
 CVE-2018-17303
 	RESERVED
 CVE-2018-17302 (Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a ...)
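Review bot: CVE-2018-17404 (SBIbuddy, com.sbi.erupee) is added in this hunk as "TODO: check", but the existing entry CVE-2018-17108 for the same application is already marked "NOT-FOR-US: SBIbuddy" further down in this file. The new entry should take the same marking, and the four PhonePe wallet entries (CVE-2018-17400 through CVE-2018-17403) are worth triaging in the same pass so they do not stay in the TODO queue.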
@@ -47,13 +497,12 @@ CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not re
 CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function ...)
 	- exiv2 <undetermined>
 	NOTE: https://github.com/Exiv2/exiv2/issues/457
-CVE-2018-17407 [writet1 protection against buffer overflow]
-	{DSA-4299-1}
+CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions in ...)
+	{DSA-4299-1 DLA-1514-1}
 	- texlive-bin 2018.20180907.48586-2 (bug #909317)
 	NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
 	NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
-CVE-2018-17281 [Remote crash vulnerability in HTTP websocket upgrade (AST-2018-009)]
-	RESERVED
+CVE-2018-17281 (There is a stack consumption vulnerability in the ...)
 	- asterisk 1:13.23.1~dfsg-1 (bug #909554)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
 	NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013
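Review bot: In the CVE-2018-17281 entry, the last context line reads "NOTE: :https://issues.asterisk.org/jira/browse/ASTERISK-28013", with a stray colon before the URL. This hunk already touches the entry, so the line could be corrected to "NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28013" in the same pass.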
@@ -297,10 +746,10 @@ CVE-2018-17176 (A replay issue was discovered on Neato Botvac Connected 2.2.0 de
 CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for ...)
 	- python-marshmallow 3.0.0b14-1 (bug #909140)
 	NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
-CVE-2018-17174
-	RESERVED
-CVE-2018-17173
-	RESERVED
+CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA ...)
+	TODO: check
+CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
+	TODO: check
 CVE-2018-17172
 	RESERVED
 CVE-2018-17171
@@ -340,6 +789,7 @@ CVE-2018-17155
 CVE-2018-17154
 	RESERVED
 CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a ...)
+	{DLA-1519-1}
 	- python3.7 <not-affected> (Fixed before initial upload)
 	- python3.6 <not-affected> (Fixed before initial upload)
 	- python3.5 <not-affected> (Fixed before initial upload)
@@ -350,7 +800,7 @@ CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contai
 	NOTE: Later versions did remove _call_external_zip with
 	NOTE: https://github.com/python/cpython/commit/a0934b2c1b939fdebee8dc18d49a0f6c52324773
 	NOTE: which used distutils.spawn.
-CVE-2018-17153 (It was discovered that the Western Digital My Cloud device through ...)
+CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before ...)
 	NOT-FOR-US: Western Digital My Cloud device
 CVE-2018-17152
 	RESERVED
@@ -376,9 +826,8 @@ CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go misha
 	TODO: check, in golang-golang-x-net-dev?
 CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
 	TODO: check, in golang-golang-x-net-dev?
-CVE-2018-17141
-	RESERVED
-	{DSA-4298-1}
+CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute ...)
+	{DSA-4298-1 DLA-1515-1}
 	- hylafax 3:6.0.6-8.1 (bug #909161)
 	NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
 CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS ...)
@@ -447,8 +896,8 @@ CVE-2018-17109
 	RESERVED
 CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android ...)
 	NOT-FOR-US: SBIbuddy
-CVE-2018-17107
-	RESERVED
+CVE-2018-17107 (In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in ...)
+	TODO: check
 CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
 	NOT-FOR-US: Tinyftpd
 CVE-2018-17105
@@ -601,8 +1050,8 @@ CVE-2018-17052
 	RESERVED
 CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via ...)
 	NOT-FOR-US: K-Net Cisco Configuration Manager
-CVE-2018-17050
-	RESERVED
+CVE-2018-17050 (The mintToken function of a smart contract implementation for PolyAi ...)
+	TODO: check
 CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
 	NOT-FOR-US: CQU-LANKERS
 CVE-2018-17048
@@ -697,12 +1146,12 @@ CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR
 	NOT-FOR-US: TP-Link
 CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N ...)
 	NOT-FOR-US: TP-Link
-CVE-2018-17003
-	RESERVED
-CVE-2018-17002
-	RESERVED
-CVE-2018-17001
-	RESERVED
+CVE-2018-17003 (In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been ...)
+	TODO: check
+CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS ...)
+	TODO: check
+CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS ...)
+	TODO: check
 CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ...)
 	- tiff <unfixed> (bug #908778)
 	- tiff3 <removed>
@@ -779,8 +1228,8 @@ CVE-2018-16967
 	RESERVED
 CVE-2018-16966
 	RESERVED
-CVE-2018-16965
-	RESERVED
+CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus 8.1.0, there is HTML Injection ...)
+	TODO: check
 CVE-2018-16964
 	RESERVED
 CVE-2018-16963
@@ -1046,24 +1495,31 @@ CVE-2018-16835
 	RESERVED
 CVE-2018-16834
 	RESERVED
-CVE-2018-16833
-	RESERVED
+CVE-2018-16833 (Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & ...)
+	TODO: check
 CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...)
 	NOT-FOR-US: xunfeng
 CVE-2018-16949 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+	{DSA-4302-1 DLA-1513-1}
 	- openafs 1.8.2-1 (bug #908616)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
 CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+	{DSA-4302-1 DLA-1513-1}
 	- openafs 1.8.2-1 (bug #908616)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
 CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before ...)
+	{DSA-4302-1 DLA-1513-1}
 	- openafs 1.8.2-1 (bug #908616)
 	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
 CVE-2018-17458 [function signature mismatch in webassembly]
+	RESERVED
+	{DSA-4297-1}
 	- chromium-browser 69.0.3497.92-1 (bug #908806)
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	NOTE: Workaround for DSA-4297-1 until CVEs assigned
 CVE-2018-17459 [url spoofing in omnibox]
+	RESERVED
+	{DSA-4297-1}
 	- chromium-browser 69.0.3497.92-1 (bug #908806)
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	NOTE: Workaround for DSA-4297-1 until CVEs assigned
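Review bot: The bracketed entries CVE-2018-17458 and CVE-2018-17459 now carry "RESERVED" and "{DSA-4297-1}", but they still sit after CVE-2018-16947, out of numeric order, and still end with "NOTE: Workaround for DSA-4297-1 until CVEs assigned". The first hunk goes from CVE-2018-17460 straight to CVE-2018-17457, so these IDs exist only here. With the IDs reserved, consider moving both entries to their sorted position and dropping the workaround NOTE.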
@@ -1107,10 +1563,10 @@ CVE-2018-16824
 	RESERVED
 CVE-2018-16823
 	RESERVED
-CVE-2018-16822
-	RESERVED
-CVE-2018-16821
-	RESERVED
+CVE-2018-16822 (SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php ...)
+	TODO: check
+CVE-2018-16821 (SeaCMS 6.64 allows arbitrary directory listing via ...)
+	TODO: check
 CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory ...)
 	NOT-FOR-US: Monstra CMS
 CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion ...)
@@ -1165,8 +1621,8 @@ CVE-2018-16795
 	RESERVED
 CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...)
 	NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
-CVE-2018-16793
-	RESERVED
+CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
+	TODO: check
 CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...)
 	{DSA-4294-1 DLA-1504-1}
 	[experimental] - ghostscript 9.25~dfsg-1~exp1
@@ -1187,12 +1643,12 @@ CVE-2018-16788
 	RESERVED
 CVE-2018-16787
 	RESERVED
-CVE-2018-16786
-	RESERVED
+CVE-2018-16786 (DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg ...)
+	TODO: check
 CVE-2018-16785 (XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 ...)
 	TODO: check
-CVE-2018-16784
-	RESERVED
+CVE-2018-16784 (DedeCMS 5.7 SP2 allows XML injection, and resultant remote code ...)
+	TODO: check
 CVE-2018-16783
 	RESERVED
 CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...)
@@ -1622,8 +2078,7 @@ CVE-2018-16599
 	RESERVED
 CVE-2018-16598
 	RESERVED
-CVE-2018-16597 [overlayfs file truncation without permissions]
-	RESERVED
+CVE-2018-16597 (An issue was discovered in the Linux kernel through 4.18.6. Incorrect ...)
 	- linux 4.8.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512
@@ -1724,6 +2179,7 @@ CVE-2018-16556
 CVE-2018-16555
 	RESERVED
 CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal ...)
+	{DSA-4303-1 DLA-1516-1}
 	- okular <unfixed> (bug #908168)
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
 	NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
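Review bot: CVE-2018-1000801 gains "{DSA-4303-1 DLA-1516-1}" while the package line below it still reads "- okular <unfixed> (bug #908168)". If only the stable and LTS uploads have happened so far, that is consistent. Otherwise the fixed unstable version should be recorded here once bug #908168 is closed.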
@@ -2395,8 +2851,8 @@ CVE-2018-16301
 	RESERVED
 CVE-2018-16300
 	RESERVED
-CVE-2018-16299
-	RESERVED
+CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory ...)
+	TODO: check
 CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an ...)
 	NOT-FOR-US: MiniCMS
 CVE-2018-16297
@@ -2427,12 +2883,12 @@ CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via t
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-16284
 	RESERVED
-CVE-2018-16283
-	RESERVED
+CVE-2018-16283 (The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows ...)
+	TODO: check
 CVE-2018-16282 (A command injection vulnerability in the web server functionality of ...)
 	NOT-FOR-US: Moxa
-CVE-2018-16281
-	RESERVED
+CVE-2018-16281 (The DEISER "Profields - Project Custom Fields" app before 6.0.2 for ...)
+	TODO: check
 CVE-2018-16280
 	RESERVED
 CVE-2018-16279
@@ -3181,29 +3637,28 @@ CVE-2018-15969
 	RESERVED
 CVE-2018-15968
 	RESERVED
-CVE-2018-15967
-	RESERVED
+CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a privilege ...)
 	NOT-FOR-US: Adobe
 CVE-2018-15966
 	RESERVED
-CVE-2018-15965
-	RESERVED
-CVE-2018-15964
-	RESERVED
-CVE-2018-15963
-	RESERVED
-CVE-2018-15962
-	RESERVED
-CVE-2018-15961
-	RESERVED
-CVE-2018-15960
-	RESERVED
-CVE-2018-15959
-	RESERVED
-CVE-2018-15958
-	RESERVED
-CVE-2018-15957
-	RESERVED
+CVE-2018-15965 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15964 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15963 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15962 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15961 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15960 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15959 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15958 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
+CVE-2018-15957 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
+	TODO: check
 CVE-2018-15956
 	RESERVED
 CVE-2018-15955
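Review bot: The nine Adobe ColdFusion entries (CVE-2018-15957 through CVE-2018-15965) come in as "TODO: check", while CVE-2018-15967 at the top of this hunk keeps "NOT-FOR-US: Adobe". Suggest giving the ColdFusion entries the same marking in the follow-up triage commit.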
@@ -4061,14 +4516,14 @@ CVE-2018-15617
 	RESERVED
 CVE-2018-15616
 	RESERVED
-CVE-2018-15615
-	RESERVED
+CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management ...)
+	TODO: check
 CVE-2018-15614
 	RESERVED
-CVE-2018-15613
-	RESERVED
-CVE-2018-15612
-	RESERVED
+CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config ...)
+	TODO: check
+CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura ...)
+	TODO: check
 CVE-2018-15611
 	RESERVED
 CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office ...)
@@ -4234,6 +4689,7 @@ CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to
 CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 ...)
 	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
+	{DLA-1517-1}
 	- dom4j 2.1.1-1 (low)
 	[stretch] - dom4j <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
@@ -5696,12 +6152,12 @@ CVE-2018-14893
 	RESERVED
 CVE-2018-14892
 	RESERVED
-CVE-2018-14891
-	RESERVED
-CVE-2018-14890
-	RESERVED
-CVE-2018-14889
-	RESERVED
+CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before ...)
+	TODO: check
+CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a ...)
+	TODO: check
+CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 ...)
+	TODO: check
 CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin ...)
 	NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
 CVE-2018-14887
@@ -5858,8 +6314,8 @@ CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A
 	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2018-14826
 	RESERVED
-CVE-2018-14825
-	RESERVED
+CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 ...)
+	TODO: check
 CVE-2018-14824
 	RESERVED
 CVE-2018-14823
@@ -6135,12 +6591,12 @@ CVE-2018-14733
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 ...)
 	- linux 4.17.14-1
 	NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
-CVE-2018-14732
-	RESERVED
-CVE-2018-14731
-	RESERVED
-CVE-2018-14730
-	RESERVED
+CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server before ...)
+	TODO: check
+CVE-2018-14731 (An issue was discovered in HMRServer.js in Parcel parcel-bundler. ...)
+	TODO: check
+CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able to steal ...)
+	TODO: check
 CVE-2018-14729
 	RESERVED
 CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via the url ...)
@@ -6218,14 +6674,14 @@ CVE-2018-14693
 	RESERVED
 CVE-2018-14692
 	RESERVED
-CVE-2018-14691
-	RESERVED
-CVE-2018-14690
-	RESERVED
-CVE-2018-14689
-	RESERVED
-CVE-2018-14688
-	RESERVED
+CVE-2018-14691 (An issue was discovered in Subsonic 6.1.1. The music tags feature is ...)
+	TODO: check
+CVE-2018-14690 (An issue was discovered in Subsonic 6.1.1. The general settings are ...)
+	TODO: check
+CVE-2018-14689 (An issue was discovered in Subsonic 6.1.1. The transcoding settings ...)
+	TODO: check
+CVE-2018-14688 (An issue was discovered in Subsonic 6.1.1. The radio settings are ...)
+	TODO: check
 CVE-2018-14687
 	RESERVED
 CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted ...)
@@ -6324,20 +6780,18 @@ CVE-2018-14648 [Mishandled search requests in servers/slapd/search.c:do_search()
 	- 389-ds-base <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
 	TODO: check, not much detail provided
-CVE-2018-14647
-	RESERVED
+CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash ...)
+	TODO: check
 CVE-2018-14646
 	RESERVED
-CVE-2018-14645 [hpack: fix improper sign check on the header index value]
-	RESERVED
+CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ...)
 	- haproxy 1.8.13-2
 	[stretch] - haproxy <not-affected> (Only affects 1.8.x)
 	[jessie] - haproxy <not-affected> (Only affects 1.8.x)
 	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
 CVE-2018-14644
 	RESERVED
-CVE-2018-14643
-	RESERVED
+CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow ...)
 	- foreman <itp> (bug #663101)
 	NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.
 CVE-2018-14642 (An information leak vulnerability was found in Undertow. If all ...)
@@ -6369,8 +6823,7 @@ CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants a
 	NOTE: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
 CVE-2018-14634
 	RESERVED
-CVE-2018-14633 [stack-based buffer overflow in chap_server_compute_md5() in iscsi target]
-	RESERVED
+CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() function in ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
 CVE-2018-14632 (An out of bound write can occur when patching an Openshift object ...)
@@ -7417,8 +7870,8 @@ CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
 CVE-2018-14319
 	RESERVED
-CVE-2018-14318
-	RESERVED
+CVE-2018-14318 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
 CVE-2018-14317 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive ...)
@@ -8557,7 +9010,7 @@ CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management
 	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
 	NOT-FOR-US: CA Unified Infrastructure Management
-CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
+CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...)
 	- twig 2.4.4-2 (unimportant)
 	NOTE: Fixed upstream in 2.4.4
 	NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and
@@ -10017,8 +10470,8 @@ CVE-2018-13142
 	RESERVED
 CVE-2018-13141
 	RESERVED
-CVE-2018-13140
-	RESERVED
+CVE-2018-13140 (Druide Antidote through 9.5.1 on Windows and Linux allows remote code ...)
+	TODO: check
 CVE-2018-13139 (A stack-based buffer overflow in psf_memset in common.c in libsndfile ...)
 	- libsndfile <unfixed> (unimportant)
 	NOTE: https://github.com/erikd/libsndfile/issues/397
@@ -10083,8 +10536,8 @@ CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remot
 	[stretch] - tcpreplay <no-dsa> (Minor issue)
 	[jessie] - tcpreplay <no-dsa> (Minor issue)
 	NOTE: https://github.com/appneta/tcpreplay/issues/477
-CVE-2018-13111
-	RESERVED
+CVE-2018-13111 (There exists a partial Denial of Service vulnerability in Wanscam ...)
+	TODO: check
 CVE-2018-13110 (All ADB broadband gateways / routers based on the Epicentro platform ...)
 	NOT-FOR-US: ADB broadband gateways / routers
 CVE-2018-13109 (All ADB broadband gateways / routers based on the Epicentro platform ...)
@@ -10406,8 +10859,8 @@ CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence
 	NOT-FOR-US: SoftExpert (SE) Excellence Suite
 CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use ...)
 	NOT-FOR-US: Go Doc Dot Org
-CVE-2018-12975
-	RESERVED
+CVE-2018-12975 (The random() function of the smart contract implementation for ...)
+	TODO: check
 CVE-2018-12974
 	RESERVED
 CVE-2018-12973 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ...)
@@ -10745,12 +11198,12 @@ CVE-2018-12852
 	RESERVED
 CVE-2018-12851
 	RESERVED
-CVE-2018-12850
-	RESERVED
-CVE-2018-12849
-	RESERVED
-CVE-2018-12848
-	RESERVED
+CVE-2018-12850 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
+CVE-2018-12849 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
+CVE-2018-12848 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
 CVE-2018-12847
 	RESERVED
 CVE-2018-12846
@@ -10765,8 +11218,8 @@ CVE-2018-12842
 	RESERVED
 CVE-2018-12841
 	RESERVED
-CVE-2018-12840
-	RESERVED
+CVE-2018-12840 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
 CVE-2018-12839
 	RESERVED
 CVE-2018-12838
@@ -10843,8 +11296,8 @@ CVE-2018-12803 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30
 	NOT-FOR-US: Adobe
 CVE-2018-12802 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
-CVE-2018-12801
-	RESERVED
+CVE-2018-12801 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
 CVE-2018-12800
 	RESERVED
 CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, ...)
@@ -10889,14 +11342,14 @@ CVE-2018-12780 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30
 	NOT-FOR-US: Adobe
 CVE-2018-12779 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
-CVE-2018-12778
-	RESERVED
+CVE-2018-12778 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
 CVE-2018-12777 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
 CVE-2018-12776 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
-CVE-2018-12775
-	RESERVED
+CVE-2018-12775 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, ...)
+	TODO: check
 CVE-2018-12774 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
 	NOT-FOR-US: Adobe
 CVE-2018-12773 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and ...)
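Review bot: CVE-2018-12778 and CVE-2018-12775 are added as "TODO: check" in between Adobe Acrobat and Reader entries that are all marked "NOT-FOR-US: Adobe" (CVE-2018-12779, CVE-2018-12777, CVE-2018-12776, CVE-2018-12774). The new descriptions name the same product, so they can take the same marking.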
@@ -11717,8 +12170,8 @@ CVE-2018-12513
 	RESERVED
 CVE-2018-12512
 	RESERVED
-CVE-2018-12511
-	RESERVED
+CVE-2018-12511 (In the mintToken function of a smart contract implementation for ...)
+	TODO: check
 CVE-2018-12510
 	RESERVED
 CVE-2018-12509
@@ -12127,6 +12580,7 @@ CVE-2018-12386
 	RESERVED
 CVE-2018-12385
 	RESERVED
+	{DSA-4304-1}
 	- firefox 62.0.2-1
 	- firefox-esr 60.2.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
@@ -12142,6 +12596,7 @@ CVE-2018-12384 [ServerHello.random is all zero when handling a v2-compatible Cli
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
 CVE-2018-12383
 	RESERVED
+	{DSA-4304-1}
 	- firefox 62.0-1
 	- firefox-esr 60.2.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
@@ -12753,8 +13208,8 @@ CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (B
 	NOT-FOR-US: Intel Baseboard Management Controller firmware
 CVE-2018-12170
 	RESERVED
-CVE-2018-12169
-	RESERVED
+CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor, ...)
+	TODO: check
 CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing ...)
 	NOT-FOR-US: Intel
 CVE-2018-12167
@@ -14188,8 +14643,8 @@ CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary
 	NOT-FOR-US: Tencent Foxmail
 CVE-2018-11615 (This vulnerability allows remote attackers to deny service on ...)
 	NOT-FOR-US: mosca
-CVE-2018-11614
-	RESERVED
+CVE-2018-11614 (This vulnerability allows remote attackers to escalate privileges on ...)
+	TODO: check
 CVE-2018-11613
 	RESERVED
 CVE-2018-11612
@@ -14937,8 +15392,8 @@ CVE-2018-11354 (In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-26.html
 CVE-2018-11353
 	RESERVED
-CVE-2018-11352
-	RESERVED
+CVE-2018-11352 (The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site ...)
+	TODO: check
 CVE-2018-11351 (script.php in Jirafeau before 3.4.1 is affected by two stored ...)
 	NOT-FOR-US: Jirafeau
 CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "search by ...)
@@ -15220,10 +15675,10 @@ CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote
 	NOTE: https://github.com/upx/upx/issues/207
 CVE-2018-11242 (An issue was discovered in the MakeMyTrip application 7.2.4 for ...)
 	NOT-FOR-US: MakeMyTrip application for Android
-CVE-2018-11241
-	RESERVED
-CVE-2018-11240
-	RESERVED
+CVE-2018-11241 (An issue was discovered on SoftCase T-Router build 20112017 devices. A ...)
+	TODO: check
+CVE-2018-11240 (An issue was discovered on SoftCase T-Router build 20112017 devices. ...)
+	TODO: check
 CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract ...)
 	NOT-FOR-US: Hexagon (HXG)
 CVE-2018-11238
@@ -16336,7 +16791,7 @@ CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any
 	NOTE: http://tracker.ceph.com/issues/24838
 	NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
 CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in ...)
-	{DLA-1440-1}
+	{DSA-4300-1 DLA-1440-1}
 	- libarchive-zip-perl 1.62-1 (bug #902882)
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
 	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
@@ -17326,20 +17781,20 @@ CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
 	NOT-FOR-US: baijiacms
-CVE-2018-10502
-	RESERVED
-CVE-2018-10501
-	RESERVED
-CVE-2018-10500
-	RESERVED
-CVE-2018-10499
-	RESERVED
-CVE-2018-10498
-	RESERVED
-CVE-2018-10497
-	RESERVED
-CVE-2018-10496
-	RESERVED
+CVE-2018-10502 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
+CVE-2018-10501 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
+CVE-2018-10500 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
+CVE-2018-10499 (This vulnerability allows local attackers to execute arbitrary code on ...)
+	TODO: check
+CVE-2018-10498 (This vulnerability allows local attackers to disclose sensitive ...)
+	TODO: check
+CVE-2018-10497 (This vulnerability allows local attackers to escalate privileges on ...)
+	TODO: check
+CVE-2018-10496 (This vulnerability allows remote attackers to execute arbitrary code ...)
+	TODO: check
 CVE-2018-10495 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-10494 (This vulnerability allows remote attackers to execute arbitrary code ...)
@@ -18625,6 +19080,7 @@ CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabi
 CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in ...)
 	- dolibarr <removed>
 CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+	{DLA-1518-1}
 	- mbedtls 2.8.0-1
 	[stretch] - mbedtls <no-dsa> (Minor issue)
 	- polarssl <removed>
@@ -18633,6 +19089,7 @@ CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
 	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
 CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
+	{DLA-1518-1}
 	- mbedtls 2.8.0-1
 	[stretch] - mbedtls <no-dsa> (Minor issue)
 	- polarssl <removed>
@@ -20257,8 +20714,8 @@ CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore Star
 	NOT-FOR-US: D-Link
 CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 ...)
 	NOT-FOR-US: Creme CRM
-CVE-2018-9282
-	RESERVED
+CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The ...)
+	TODO: check
 CVE-2018-9281
 	RESERVED
 CVE-2018-9280
@@ -23483,8 +23940,7 @@ CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the
 	NOT-FOR-US: Apache HBase
 CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible  ...)
 	NOT-FOR-US: Apache Spark
-CVE-2018-8023
-	RESERVED
+CVE-2018-8023 (Apache Mesos can be configured to require authentication to call the ...)
 	- apache-mesos <itp> (bug #760315)
 CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic ...)
 	- trafficserver 7.0.0-1
@@ -27575,8 +28031,8 @@ CVE-2018-6702
 	RESERVED
 CVE-2018-6701
 	RESERVED
-CVE-2018-6700
-	RESERVED
+CVE-2018-6700 (DLL Search Order Hijacking vulnerability in Microsoft Windows Client ...)
+	TODO: check
 CVE-2018-6699
 	RESERVED
 CVE-2018-6698
@@ -27611,8 +28067,8 @@ CVE-2018-6684
 	RESERVED
 CVE-2018-6683 (Exploiting Incorrectly Configured Access Control Security Levels ...)
 	NOT-FOR-US: McAfee
-CVE-2018-6682
-	RESERVED
+CVE-2018-6682 (Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and ...)
+	TODO: check
 CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in McAfee ...)
 	NOT-FOR-US: McAfee
 CVE-2018-6680
@@ -29650,8 +30106,8 @@ CVE-2018-6120
 	- chromium-browser 66.0.3359.181-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6119
-	RESERVED
+CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
+	TODO: check
 CVE-2018-6118
 	RESERVED
 	{DSA-4237-1}
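Review bot: CVE-2018-6119 now has a Google Chrome description but only "TODO: check", while the entries directly around it (CVE-2018-6120, CVE-2018-6118) carry chromium-browser package lines. It needs a "- chromium-browser" line with the fixed version taken from the full description, since the "prior to ..." text is cut off here and the version cannot be read from this hunk.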
@@ -30027,64 +30483,54 @@ CVE-2018-6056
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	- libv8 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
-CVE-2018-6055
-	RESERVED
-CVE-2018-6054
-	RESERVED
+CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome ...)
+	TODO: check
+CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6053
-	RESERVED
+CVE-2018-6053 (Inappropriate implementation in New Tab Page in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6052
-	RESERVED
+CVE-2018-6052 (Lack of support for a non standard no-referrer policy value in Blink ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6051
-	RESERVED
+CVE-2018-6051 (XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6050
-	RESERVED
+CVE-2018-6050 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6049
-	RESERVED
+CVE-2018-6049 (Incorrect security UI in permissions prompt in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6048
-	RESERVED
+CVE-2018-6048 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6047
-	RESERVED
+CVE-2018-6047 (Insufficient policy enforcement in WebGL in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6046
-	RESERVED
+CVE-2018-6046 (Insufficient data validation in DevTools in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6045
-	RESERVED
+CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
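Review bot: CVE-2018-6055 is the only entry in this hunk that ends up without package data: it gets "TODO: check", whereas CVE-2018-6054 through CVE-2018-6045 keep their "{DSA-4103-1}" and "- chromium-browser 64.0.3282.119-1" lines. Its description also says "in Google Chrome", so it should be triaged against chromium-browser; check whether it belongs to the same 64.0.3282.119 release and DSA before copying those lines, because the version in its description is truncated.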
@@ -30094,80 +30540,67 @@ CVE-2018-6044
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-CVE-2018-6043
-	RESERVED
+CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6042
-	RESERVED
+CVE-2018-6042 (Incorrect security UI in Omnibox in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6041
-	RESERVED
+CVE-2018-6041 (Incorrect security UI in navigation in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6040
-	RESERVED
+CVE-2018-6040 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6039
-	RESERVED
+CVE-2018-6039 (Insufficient data validation in DevTools in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6038
-	RESERVED
+CVE-2018-6038 (Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6037
-	RESERVED
+CVE-2018-6037 (Inappropriate implementation in autofill in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6036
-	RESERVED
+CVE-2018-6036 (Insufficient data validation in V8 in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6035
-	RESERVED
+CVE-2018-6035 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6034
-	RESERVED
+CVE-2018-6034 (Insufficient data validation in WebGL in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6033
-	RESERVED
+CVE-2018-6033 (Insufficient data validation in Downloads in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6032
-	RESERVED
+CVE-2018-6032 (Insufficient policy enforcement in Blink in Google Chrome prior to ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6031
-	RESERVED
+CVE-2018-6031 (Use after free in PDFium in Google Chrome prior to 64.0.3282.119 ...)
 	{DSA-4103-1}
 	- chromium-browser 64.0.3282.119-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -35605,12 +36038,12 @@ CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware vers
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung
-CVE-2018-3915
-	RESERVED
-CVE-2018-3914
-	RESERVED
-CVE-2018-3913
-	RESERVED
+CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+	TODO: check
+CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+	TODO: check
+CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the ...)
@@ -35623,8 +36056,8 @@ CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-c
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250-Firmware
 CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3906
-	RESERVED
+CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the camera ...)
@@ -35647,8 +36080,8 @@ CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the ...)
 	NOT-FOR-US: Samsung
 CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
-CVE-2018-3894
-	RESERVED
+CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the ...)
+	TODO: check
 CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3892
@@ -35681,16 +36114,16 @@ CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credent
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
-CVE-2018-3877
-	RESERVED
-CVE-2018-3876
-	RESERVED
+CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+	TODO: check
+CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+	TODO: check
 CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...)
 	NOT-FOR-US: Samsung
-CVE-2018-3874
-	RESERVED
-CVE-2018-3873
-	RESERVED
+CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+	TODO: check
+CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the credentials ...)
+	TODO: check
 CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the credentials ...)
 	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing ...)
@@ -41785,10 +42218,10 @@ CVE-2018-1713
 	RESERVED
 CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is ...)
 	NOT-FOR-US: IBM
-CVE-2018-1711
-	RESERVED
-CVE-2018-1710
-	RESERVED
+CVE-2018-1711 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+	TODO: check
+CVE-2018-1710 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
+	TODO: check
 CVE-2018-1709
 	RESERVED
 CVE-2018-1708
@@ -41837,8 +42270,8 @@ CVE-2018-1687
 	RESERVED
 CVE-2018-1686
 	RESERVED
-CVE-2018-1685
-	RESERVED
+CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+	TODO: check
 CVE-2018-1684
 	RESERVED
 CVE-2018-1683
@@ -41869,8 +42302,8 @@ CVE-2018-1671
 	RESERVED
 CVE-2018-1670
 	RESERVED
-CVE-2018-1669
-	RESERVED
+CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
+	TODO: check
 CVE-2018-1668
 	RESERVED
 CVE-2018-1667
@@ -41879,8 +42312,8 @@ CVE-2018-1666
 	RESERVED
 CVE-2018-1665
 	RESERVED
-CVE-2018-1664
-	RESERVED
+CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
+	TODO: check
 CVE-2018-1663
 	RESERVED
 CVE-2018-1662
@@ -41889,8 +42322,8 @@ CVE-2018-1661
 	RESERVED
 CVE-2018-1660
 	RESERVED
-CVE-2018-1659
-	RESERVED
+CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+	TODO: check
 CVE-2018-1658
 	RESERVED
 CVE-2018-1657
@@ -41993,8 +42426,8 @@ CVE-2018-1609
 	RESERVED
 CVE-2018-1608
 	RESERVED
-CVE-2018-1607
-	RESERVED
+CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+	TODO: check
 CVE-2018-1606
 	RESERVED
 CVE-2018-1605
@@ -42031,8 +42464,8 @@ CVE-2018-1590
 	RESERVED
 CVE-2018-1589
 	RESERVED
-CVE-2018-1588
-	RESERVED
+CVE-2018-1588 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 ...)
+	TODO: check
 CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
 	NOT-FOR-US: IBM Rational Rhapsody Design Manager
 CVE-2018-1586
@@ -42087,8 +42520,8 @@ CVE-2018-1562
 	RESERVED
 CVE-2018-1561
 	RESERVED
-CVE-2018-1560
-	RESERVED
+CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+	TODO: check
 CVE-2018-1559
 	RESERVED
 CVE-2018-1558
@@ -42129,8 +42562,8 @@ CVE-2018-1541
 	RESERVED
 CVE-2018-1540
 	RESERVED
-CVE-2018-1539
-	RESERVED
+CVE-2018-1539 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
+	TODO: check
 CVE-2018-1538
 	RESERVED
 CVE-2018-1537
@@ -44305,6 +44738,7 @@ CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link
 CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
+	{DLA-1519-1}
 	- python3.7 3.7.0~b3-1 (low)
 	- python3.6 3.6.5~rc1-1 (low)
 	- python3.5 3.5.6-1 (low)
@@ -44325,6 +44759,7 @@ CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.
 	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
 	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
 CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
+	{DLA-1519-1}
 	- python3.7 3.7.0~b3-1 (low)
 	- python3.6 3.6.5~rc1-1 (low)
 	- python3.5 3.5.6-1 (low)
@@ -46378,16 +46813,19 @@ CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbit
 	NOT-FOR-US: Nootka
 CVE-2018-0505 [mediawiki: BotPasswords can bypass CentralAuth's account lock]
 	RESERVED
+	{DSA-4301-1}
 	- mediawiki 1:1.31.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
 	NOTE: https://phabricator.wikimedia.org/T194605
 CVE-2018-0504 [mediawiki: Information disclosure in Special:Redirect/logid]
 	RESERVED
+	{DSA-4301-1}
 	- mediawiki 1:1.31.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
 	NOTE: https://phabricator.wikimedia.org/T187638
 CVE-2018-0503 [mediawiki: wgRateLimits entry for 'user' overrides 'newbie']
 	RESERVED
+	{DSA-4301-1}
 	- mediawiki 1:1.31.1-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
 	NOTE: https://phabricator.wikimedia.org/T169545
@@ -46413,12 +46851,12 @@ CVE-2018-0499 (A cross-site scripting vulnerability in ...)
 	[jessie] - xapian-core <not-affected> (vulnerable code not present)
 	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
 CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
-	{DSA-4296-1}
+	{DSA-4296-1 DLA-1518-1}
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
 CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows ...)
-	{DSA-4296-1}
+	{DSA-4296-1 DLA-1518-1}
 	- mbedtls 2.12.0-1 (bug #904821)
 	- polarssl <removed>
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
@@ -48057,7 +48495,7 @@ CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Address
 CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
 	NOT-FOR-US: EllisLab ExpressionEngine
 CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
-	{DLA-1190-1 DLA-1189-1}
+	{DLA-1519-1 DLA-1190-1 DLA-1189-1}
 	- python3.5 3.5.5-1
 	- python3.4 <removed>
 	- python2.7 2.7.13-4
@@ -82804,7 +83242,7 @@ CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did
 CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
 	NOT-FOR-US: Impala
 CVE-2017-5639
-	RESERVED
+	REJECTED
 CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...)
 	- libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
@@ -129998,8 +130436,8 @@ CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyo
 	NOT-FOR-US: Polycom BToE Connector
 CVE-2015-8299 (Buffer overflow in the Group messages monitor (Falcon) in KNX ETS ...)
 	NOT-FOR-US: Falcon
-CVE-2015-8298
-	RESERVED
+CVE-2015-8298 (Multiple SQL injection vulnerabilities in the login page in RXTEC ...)
+	TODO: check
 CVE-2015-8297
 	REJECTED
 CVE-2015-8296
@@ -166237,7 +166675,7 @@ CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the dat
 	NOT-FOR-US: Ruby Gem brbackup
 CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in ...)
 	NOT-FOR-US: Ruby Gem ciborg
-CVE-2014-5002 (The lynx gem 0.2.0 for Ruby places the configured password on command ...)
+CVE-2014-5002 (** DISPUTED ** The lynx gem 0.2.0 for Ruby places the configured ...)
 	NOT-FOR-US: Ruby Gem lynx
 CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database ...)
 	NOT-FOR-US: Ruby Gem kcapifony
@@ -178738,8 +179176,7 @@ CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
 	[squeeze] - nagios3 <no-dsa> (Minor issue)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	NOTE: additional changed files for nagios3, cf. CVE-2013-7108
-CVE-2013-7203
-	RESERVED
+CVE-2013-7203 (gitolite before commit fa06a34 might allow local users to read ...)
 	- gitolite3 3.5.3.1-1
 	NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
 CVE-2013-7191 (Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot ...)
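Review bot: With the description now reading "gitolite before commit fa06a34", the CVE-2013-7203 entry still tracks only "- gitolite3 3.5.3.1-1", while CVE-2013-4451 in the next hunk lists both gitolite and gitolite3. Consider adding an explicit "- gitolite" status line here as well, so the older source package is accounted for rather than left implicit.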
@@ -186981,8 +187418,7 @@ CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php i
 	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
 CVE-2013-4452 (Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions ...)
 	NOT-FOR-US: JBoss Operation Network
-CVE-2013-4451 [world writable files]
-	RESERVED
+CVE-2013-4451 (gitolite commit fa06a34 through 3.5.3 might allow attackers to have ...)
 	- gitolite <not-affected> (vulnerable code introduced for v3.5.3)
 	- gitolite3 <not-affected> (vulnerable code introduced for v3.5.3)
 CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa1b45aa03cb3c1ba2fb3ef2f3a35aefeb96b387
