[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 08:10:30 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc9a1618 by security tracker role at 2019-01-03T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory ...)
+	TODO: check
 CVE-2019-3579
 	RESERVED
 CVE-2019-3578
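Review bot: the new CVE-2019-3580 entry at the top of the list is left untriaged with `TODO: check`, and its description is cut at "Directory ...", so the entry alone does not say what is affected. Resolve it to either a `NOT-FOR-US:` line or a package line in the style of the other entries in this file once it is known whether OpenRefine is packaged.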
@@ -435,6 +437,7 @@ CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error f
 	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049
 CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/193
 CVE-2018-20621
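Review bot: the `{DLA-1628-1}` tag added to CVE-2018-20622 cannot be verified from this commit, because the only changed file is data/CVE/list and the advisory's own record is not part of the diff. Confirm that DLA-1628-1 is a jasper advisory that lists this CVE, since the package line below the tag still reads `- jasper <removed>` and carries no fixed version.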
@@ -524,6 +527,7 @@ CVE-2018-20586
 CVE-2018-20585
 	RESERVED
 CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/192
 CVE-2018-20583 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark ...)
@@ -553,6 +557,7 @@ CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php S
 CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a ...)
 	NOT-FOR-US: DamiCMS
 CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/191
 CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management System (CMS) ...)
@@ -3925,8 +3930,8 @@ CVE-2018-20133 (ymlref allows code injection. ...)
 	NOT-FOR-US: ymlref
 CVE-2018-20132
 	RESERVED
-CVE-2018-20131
-	RESERVED
+CVE-2018-20131 (The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux ...)
+	TODO: check
 CVE-2018-20130
 	RESERVED
 CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. ...)
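Review bot: CVE-2018-20131 moves from `RESERVED` to `TODO: check` with no triage decision. The description names the Code42 app as used in Code42 for Enterprise; if that is not packaged, close the entry with a `NOT-FOR-US:` line like the `NOT-FOR-US: ymlref` entry a few lines above.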
@@ -9821,15 +9826,19 @@ CVE-2018-19543 (An issue was discovered in JasPer 2.0.14. There is a heap-based
 	NOTE: jasper terminates properly. Still I am going to mark this bug as
 	NOTE: postponed until we receive feedback from upstream.
 CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19539 (An issue was discovered in JasPer 2.0.14. There is an access violation ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/182
 CVE-2018-19538
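Review bot: the tag is added to CVE-2018-19539 through CVE-2018-19542, which all point at the same upstream issue (jasper #182), but this commit adds nothing for CVE-2018-19543 in the context lines above, whose notes say it is postponed until upstream responds. Confirm that this split matches what DLA-1628-1 actually fixed, so the postponed entry is not read as covered by the same advisory.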
@@ -11146,6 +11155,7 @@ CVE-2018-19144
 CVE-2018-19140
 	RESERVED
 CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ...)
+	{DLA-1628-1}
 	- jasper <removed> (low)
 	NOTE: https://github.com/mdadams/jasper/issues/188
 CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...)
@@ -11746,8 +11756,8 @@ CVE-2018-18895
 	RESERVED
 CVE-2018-18894
 	RESERVED
-CVE-2018-18893
-	RESERVED
+CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...)
+	TODO: check
 CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php ...)
 	NOT-FOR-US: MiniCMS
 CVE-2018-18891 (MiniCMS 1.10 allows file deletion via ...)
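Review bot: CVE-2018-18893 now has a description that names a fixed upstream release ("Jinjava before 2.4.6") but still ends in `TODO: check`. When this is triaged, record that version on a package line if Jinjava is packaged, or mark it `NOT-FOR-US:` as done for the MiniCMS entries below it.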
@@ -11785,6 +11795,7 @@ CVE-2018-18875
 CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: nc-cms
 CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer ...)
+	{DLA-1628-1}
 	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/184
 CVE-2018-18872
@@ -13341,8 +13352,8 @@ CVE-2018-18266
 	RESERVED
 CVE-2018-18265
 	RESERVED
-CVE-2018-18264
-	RESERVED
+CVE-2018-18264 (Kubernetes Dashboard before 1.10.1 allows attackers to bypass ...)
+	TODO: check
 CVE-2018-18263
 	RESERVED
 CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
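Review bot: the CVE-2018-18264 description is truncated at "allows attackers to bypass ...", so the impact cannot be judged from this entry, and it is left at `TODO: check`. Triage should work from the full CVE text and note the 1.10.1 boundary given in the description if Kubernetes Dashboard is packaged.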
@@ -16119,8 +16130,8 @@ CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA
 	NOT-FOR-US: nmealib
 CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
 	NOT-FOR-US: LG SuperSign CMS
-CVE-2018-17172
-	RESERVED
+CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.05200, ...)
+	TODO: check
 CVE-2018-17171
 	RESERVED
 CVE-2018-17170
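Review bot: CVE-2018-17172 describes the web application on Xerox AltaLink B80xx and is left at `TODO: check`. The two entries directly above it (nmealib, LG SuperSign CMS) are already closed as `NOT-FOR-US:`; this one looks like a candidate for the same treatment once checked.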



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc9a161802ab0412e06486f009877bec23774360
