[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 20 Jul 2018 01:11:09 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
39788077 by security tracker role at 2018-07-20T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,41 @@
+CVE-2018-14441 (An issue was discovered in cckevincyh SSH CompanyWebsite 
through ...)
+       TODO: check
+CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite 
through ...)
+       TODO: check
+CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 
2018-07-12 ...)
+       TODO: check
+CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex 
function in ...)
+       TODO: check
+CVE-2018-14437 (ImageMagick 7.0.8-4 has a memory leak in parse8BIM in 
coders/meta.c. ...)
+       TODO: check
+CVE-2018-14436 (ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in ...)
+       TODO: check
+CVE-2018-14435 (ImageMagick 7.0.8-4 has a memory leak in DecodeImage in 
coders/pcd.c. ...)
+       TODO: check
+CVE-2018-14434 (ImageMagick 7.0.8-4 has a memory leak for a colormap in 
WriteMPCImage ...)
+       TODO: check
+CVE-2018-14433
+       RESERVED
+CVE-2018-14432
+       RESERVED
+CVE-2018-14431
+       RESERVED
+CVE-2018-14430
+       RESERVED
+CVE-2018-14429
+       RESERVED
+CVE-2018-14428
+       RESERVED
+CVE-2018-14427
+       RESERVED
+CVE-2018-14426
+       RESERVED
+CVE-2018-14425
+       RESERVED
+CVE-2017-18343 (** DISPUTED ** The debug handler in Symfony before v2.7.33, 
2.8.x ...)
+       TODO: check
+CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx 
component in ...)
+       TODO: check
 CVE-2018-14424
        RESERVED
 CVE-2018-14423 (Division-by-zero vulnerabilities in the functions 
pi_next_pcrl, ...)
@@ -311,8 +349,8 @@ CVE-2018-14337 (The CHECK macro in 
mrbgems/mruby-sprintf/src/sprintf.c in mruby 
        NOTE: https://github.com/mruby/mruby/issues/4062
        NOTE: 
https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
        NOTE: 
https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
-CVE-2018-14336
-       RESERVED
+CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a 
denial of ...)
+       TODO: check
 CVE-2018-14335
        RESERVED
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
@@ -3318,8 +3356,8 @@ CVE-2018-12961
        RESERVED
 CVE-2018-12960
        RESERVED
-CVE-2018-12959
-       RESERVED
+CVE-2018-12959 (The approveAndCall function of a smart contract implementation 
for ...)
+       TODO: check
 CVE-2018-12958
        RESERVED
 CVE-2018-12957
@@ -8910,11 +8948,9 @@ CVE-2018-10872 (A flaw was found in the way the Linux 
kernel handled exceptions 
 CVE-2018-10871 (389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to 
a ...)
        - 389-ds-base <unfixed>
        NOTE: https://pagure.io/389-ds-base/issue/49789
-CVE-2018-10870
-       RESERVED
+CVE-2018-10870 (redhat-certification does not properly sanitize paths in ...)
        NOT-FOR-US: Red Hat Certification
-CVE-2018-10869
-       RESERVED
+CVE-2018-10869 (redhat-certification does not properly restrict files that can 
be ...)
        NOT-FOR-US: Red Hat Certification
 CVE-2018-10868
        RESERVED
@@ -105014,7 +105050,7 @@ CVE-2016-5140 (Heap-based buffer overflow in the 
opj_j2k_read_SQcd_SQcc function
        - chromium-browser 52.0.2743.116-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2016-5139 (Multiple integer overflows in the opj_tcd_init_tile function in 
tcd.c ...)
-       {DSA-3645-1}
+       {DSA-3645-1 DLA-1433-1}
        - openjpeg2 2.1.2-1
        - chromium-browser 52.0.2743.116-1
        [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -143044,6 +143080,7 @@ CVE-2015-1240 (gpu/blink/webgraphicscontext3d_impl.cc 
in the WebGL implementatio
        [wheezy] - chromium-browser <end-of-life>
        [squeeze] - chromium-browser <end-of-life>
 CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in 
OpenJPEG ...)
+       {DLA-1433-1}
        - openjpeg2 2.1.1-1
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=430891
        NOTE: https://github.com/uclouvain/openjpeg/issues/477



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39788077b28225648f2fdc737fa36fd26eafb349

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39788077b28225648f2fdc737fa36fd26eafb349
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to