[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 1 08:10:22 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
044250c7 by security tracker role at 2019-01-01T08:10:14Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2018-20648
+ RESERVED
+CVE-2018-20647
+ RESERVED
+CVE-2018-20646
+ RESERVED
+CVE-2018-20645
+ RESERVED
+CVE-2018-20644
+ RESERVED
+CVE-2018-20643
+ RESERVED
+CVE-2018-20642
+ RESERVED
+CVE-2018-20641
+ RESERVED
+CVE-2018-20640
+ RESERVED
+CVE-2018-20639
+ RESERVED
+CVE-2018-20638
+ RESERVED
+CVE-2018-20637
+ RESERVED
+CVE-2018-20636
+ RESERVED
+CVE-2018-20635
+ RESERVED
+CVE-2018-20634
+ RESERVED
+CVE-2018-20633
+ RESERVED
+CVE-2018-20632
+ RESERVED
+CVE-2018-20631
+ RESERVED
+CVE-2018-20630
+ RESERVED
+CVE-2018-20629
+ RESERVED
+CVE-2018-20628
+ RESERVED
+CVE-2018-20627
+ RESERVED
+CVE-2018-20626
+ RESERVED
+CVE-2018-20625
+ RESERVED
+CVE-2018-20624
+ RESERVED
CVE-2019-3493
RESERVED
CVE-2019-3492
@@ -44939,50 +44989,47 @@ CVE-2018-6349
RESERVED
CVE-2018-6348
RESERVED
-CVE-2018-6347
- RESERVED
-CVE-2018-6346
- RESERVED
+CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/trailers ...)
+ TODO: check
+CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of ...)
+ TODO: check
CVE-2018-6345
RESERVED
-CVE-2018-6344
- RESERVED
-CVE-2018-6343
- RESERVED
-CVE-2018-6342
- RESERVED
-CVE-2018-6341
- RESERVED
-CVE-2018-6340
- RESERVED
+CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet ...)
+ TODO: check
+CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...)
+ TODO: check
+CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local webserver ...)
+ TODO: check
+CVE-2018-6341 (React applications which rendered to HTML using the ReactDOMServer API ...)
+ TODO: check
+CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger an ...)
+ TODO: check
CVE-2018-6339
RESERVED
CVE-2018-6338
RESERVED
-CVE-2018-6337
- RESERVED
+CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child ...)
- hhvm <not-affected> (Only affects 3.26)
NOTE: https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
-CVE-2018-6336
- RESERVED
-CVE-2018-6335
- RESERVED
+CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted ...)
+ TODO: check
+CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception when ...)
- hhvm 3.24.7+dfsg-1
NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
-CVE-2018-6334 [ability to override global variables and members of $GLOBALS via file uploads]
- RESERVED
+CVE-2018-6334 (Multipart-file uploads call variables to be improperly registered in ...)
- hhvm 3.24.7+dfsg-1 (bug #895194)
NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
-CVE-2018-6333
- RESERVED
+CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly sanitize ...)
+ TODO: check
CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of ...)
- hhvm 3.24.7+dfsg-1 (bug #895194)
NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
-CVE-2018-6331
- RESERVED
+CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized ...)
+ TODO: check
CVE-2018-6330
RESERVED
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/044250c7c78e8d34597cad98ba3e1c37b5a4c9c2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/044250c7c78e8d34597cad98ba3e1c37b5a4c9c2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190101/145e5776/attachment.html>
More information about the debian-security-tracker-commits
mailing list