Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e9f5645 by security tracker role at 2018-10-13T08:11:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2018-18286
+       RESERVED
+CVE-2018-18285
+       RESERVED
+CVE-2018-18284
+       RESERVED
+CVE-2018-18283
+       RESERVED
+CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error 
page. ...)
+       TODO: check
+CVE-2018-18281
+       RESERVED
+CVE-2018-18280
+       RESERVED
+CVE-2018-18279
+       RESERVED
+CVE-2018-18278
+       RESERVED
+CVE-2018-18277
+       RESERVED
+CVE-2018-18276
+       RESERVED
+CVE-2018-18275
+       RESERVED
+CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer 
overflow ...)
+       TODO: check
+CVE-2018-18273
+       RESERVED
 CVE-2018-18272
        RESERVED
 CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra 
parameter ...)
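Review bot: CVE-2018-18282 (Next.js) and CVE-2018-18274 (pdfalto) enter the list with only "TODO: check", so neither has a package mapping or a NOT-FOR-US marker yet. Both need manual triage before these entries say anything about affected packages; the remaining additions in this hunk are RESERVED placeholders and need nothing further.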
@@ -3882,12 +3910,12 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() 
function in Parser.cc ma
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
        NOTE: Proposed fix: 
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67
 CVE-2018-16645 (There is an excessive memory allocation issue in the functions 
...)
-       {DLA-1530-1}
+       {DSA-4316-1 DLA-1530-1}
        - imagemagick <unfixed> (bug #910889)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268
 CVE-2018-16644 (There is a missing check for length in the functions 
ReadDCMImage of ...)
-       {DLA-1530-1}
+       {DSA-4316-1 DLA-1530-1}
        - imagemagick <unfixed> (bug #910888)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135
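Review bot: CVE-2018-16645 and CVE-2018-16644 now carry {DSA-4316-1 DLA-1530-1}, but their package lines still read "- imagemagick <unfixed> (bug #910889)" and "- imagemagick <unfixed> (bug #910888)". Confirm that <unfixed> is still the intended status alongside the new advisory reference, and record a fixed version once one exists, since both entries already link the upstream commits.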
@@ -3902,7 +3930,7 @@ CVE-2018-16643 (The functions ReadDCMImage in 
coders/dcm.c, ReadPWPImage in ...)
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
 CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 
allows ...)
-       {DLA-1530-1}
+       {DSA-4316-1 DLA-1530-1}
        - imagemagick 8:6.9.10.2+dfsg-2
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13
@@ -4496,14 +4524,14 @@ CVE-2018-16415
 CVE-2018-16414
        RESERVED
 CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in 
the ...)
-       {DLA-1530-1}
+       {DSA-4316-1 DLA-1530-1}
        - imagemagick <unfixed> (bug #910887)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
 CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in 
the ...)
-       {DLA-1530-1}
+       {DSA-4316-1 DLA-1530-1}
        - imagemagick <unfixed> (bug #910887)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
        NOTE: Fixed with same patch as for issue #1249, as per upstream 
discussion at
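Review bot: CVE-2018-16413 and CVE-2018-16412 both point at the same bug #910887 and both stay <unfixed> after gaining DSA-4316-1. The NOTE on CVE-2018-16412 says it is fixed with the same patch as issue #1249, so the two status lines should be updated together when a fixed version is recorded, rather than one at a time.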
@@ -4967,8 +4995,8 @@ CVE-2018-16212
        RESERVED
 CVE-2018-16211
        RESERVED
-CVE-2018-16210
-       RESERVED
+CVE-2018-16210 (WAGO 750-881 Ethernet Controller devices, versions 
01.09.18(13) and ...)
+       TODO: check
 CVE-2018-16209
        RESERVED
 CVE-2018-16208
@@ -5384,18 +5412,21 @@ CVE-2018-16060
 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow 
...)
        NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
+       {DSA-4315-1}
        - wireshark 2.6.3-1 (low)
        [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
 CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
+       {DSA-4315-1}
        - wireshark 2.6.3-1 (low)
        [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
 CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
+       {DSA-4315-1}
        - wireshark 2.6.3-1 (low)
        [jessie] - wireshark <not-affected> (vulnerable code not present)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
@@ -6150,8 +6181,8 @@ CVE-2018-15757
        RESERVED
 CVE-2018-15756
        RESERVED
-CVE-2018-15755
-       RESERVED
+CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 
2.16.0, ...)
+       TODO: check
 CVE-2018-15754
        RESERVED
 CVE-2018-15753 (An issue was discovered in the MensaMax (aka 
com.breustedt.mensamax) ...)
@@ -8688,8 +8719,7 @@ CVE-2018-14666
        RESERVED
 CVE-2018-14665
        RESERVED
-CVE-2018-14664
-       RESERVED
+CVE-2018-14664 (A flaw was found in foreman from versions 1.18. A stored 
cross-site ...)
        - foreman <itp> (bug #663101)
 CVE-2018-14663
        RESERVED
@@ -20691,8 +20721,8 @@ CVE-2018-10143
        RESERVED
 CVE-2018-10142
        RESERVED
-CVE-2018-10141
-       RESERVED
+CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS 
before ...)
+       TODO: check
 CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks 
PAN-OS 8.1.2 ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto 
Networks ...)
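Review bot: CVE-2018-10141 is filed as "TODO: check" although its description names Palo Alto Networks PAN-OS, and the adjacent CVE-2018-10140 is already marked "NOT-FOR-US: Palo Alto Networks PAN-OS". Resolve the TODO with the same marker unless there is a reason to treat this entry differently from its neighbour.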



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e9f5645873bc3205c9ed2fd15c692592494673e
