[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jan 1 08:10:22 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
044250c7 by security tracker role at 2019-01-01T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2018-20648
+	RESERVED
+CVE-2018-20647
+	RESERVED
+CVE-2018-20646
+	RESERVED
+CVE-2018-20645
+	RESERVED
+CVE-2018-20644
+	RESERVED
+CVE-2018-20643
+	RESERVED
+CVE-2018-20642
+	RESERVED
+CVE-2018-20641
+	RESERVED
+CVE-2018-20640
+	RESERVED
+CVE-2018-20639
+	RESERVED
+CVE-2018-20638
+	RESERVED
+CVE-2018-20637
+	RESERVED
+CVE-2018-20636
+	RESERVED
+CVE-2018-20635
+	RESERVED
+CVE-2018-20634
+	RESERVED
+CVE-2018-20633
+	RESERVED
+CVE-2018-20632
+	RESERVED
+CVE-2018-20631
+	RESERVED
+CVE-2018-20630
+	RESERVED
+CVE-2018-20629
+	RESERVED
+CVE-2018-20628
+	RESERVED
+CVE-2018-20627
+	RESERVED
+CVE-2018-20626
+	RESERVED
+CVE-2018-20625
+	RESERVED
+CVE-2018-20624
+	RESERVED
 CVE-2019-3493
 	RESERVED
 CVE-2019-3492
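Review bot: The 25 new RESERVED ids (CVE-2018-20648 down to CVE-2018-20624) are inserted above CVE-2019-3493, so CVE-2018 entries now precede CVE-2019 ones at the top of the file. If anything that reads data/CVE/list assumes descending id order, this block belongs with the other CVE-2018 entries. If top insertion is intended for automatic updates, the commit message should say so, since "automatic update" gives neither the placement rule nor the source of these ids.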
@@ -44939,50 +44989,47 @@ CVE-2018-6349
 	RESERVED
 CVE-2018-6348
 	RESERVED
-CVE-2018-6347
-	RESERVED
-CVE-2018-6346
-	RESERVED
+CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/trailers ...)
+	TODO: check
+CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of ...)
+	TODO: check
 CVE-2018-6345
 	RESERVED
-CVE-2018-6344
-	RESERVED
-CVE-2018-6343
-	RESERVED
-CVE-2018-6342
-	RESERVED
-CVE-2018-6341
-	RESERVED
-CVE-2018-6340
-	RESERVED
+CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet ...)
+	TODO: check
+CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...)
+	TODO: check
+CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local webserver ...)
+	TODO: check
+CVE-2018-6341 (React applications which rendered to HTML using the ReactDOMServer API ...)
+	TODO: check
+CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger an ...)
+	TODO: check
 CVE-2018-6339
 	RESERVED
 CVE-2018-6338
 	RESERVED
-CVE-2018-6337
-	RESERVED
+CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child ...)
 	- hhvm <not-affected> (Only affects 3.26)
 	NOTE: https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
 	NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
-CVE-2018-6336
-	RESERVED
-CVE-2018-6335
-	RESERVED
+CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted ...)
+	TODO: check
+CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception when ...)
 	- hhvm 3.24.7+dfsg-1
 	NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
 	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
-CVE-2018-6334 [ability to override global variables and members of $GLOBALS via file uploads]
-	RESERVED
+CVE-2018-6334 (Multipart-file uploads call variables to be improperly registered in ...)
 	- hhvm 3.24.7+dfsg-1 (bug #895194)
 	NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
 	NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
-CVE-2018-6333
-	RESERVED
+CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly sanitize ...)
+	TODO: check
 CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of ...)
 	- hhvm 3.24.7+dfsg-1 (bug #895194)
 	NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
-CVE-2018-6331
-	RESERVED
+CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized ...)
+	TODO: check
 CVE-2018-6330
 	RESERVED
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 ...)
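Review bot: Ten entries in this hunk now carry "TODO: check" (CVE-2018-6347, -6346, -6344, -6343, -6342, -6341, -6340, -6336, -6333 and -6331) and have no package annotation yet, so they need triage before the list is useful for them. The Proxygen entries are the natural place to start: CVE-2018-6346 has the same truncated description as CVE-2018-6332 in the unchanged context, which is already tracked as "- hhvm 3.24.7+dfsg-1 (bug #895194)", so CVE-2018-6347, CVE-2018-6346 and CVE-2018-6343 should be checked against hhvm. Separately, at CVE-2018-6334 the hand-written summary "[ability to override global variables and members of $GLOBALS via file uploads]" is replaced by a description truncated at "...", which leaves the two NOTE links as the only full statement of the issue in this entry.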



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/044250c7c78e8d34597cad98ba3e1c37b5a4c9c2
