Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2e9f5645 by security tracker role at 2018-10-13T08:11:30Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,31 @@ +CVE-2018-18286 + RESERVED +CVE-2018-18285 + RESERVED +CVE-2018-18284 + RESERVED +CVE-2018-18283 + RESERVED +CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...) + TODO: check +CVE-2018-18281 + RESERVED +CVE-2018-18280 + RESERVED +CVE-2018-18279 + RESERVED +CVE-2018-18278 + RESERVED +CVE-2018-18277 + RESERVED +CVE-2018-18276 + RESERVED +CVE-2018-18275 + RESERVED +CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflow ...) + TODO: check +CVE-2018-18273 + RESERVED CVE-2018-18272 RESERVED CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter ...) @@ -3882,12 +3910,12 @@ CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc ma NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951 NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/67 CVE-2018-16645 (There is an excessive memory allocation issue in the functions ...) - {DLA-1530-1} + {DSA-4316-1 DLA-1530-1} - imagemagick <unfixed> (bug #910889) NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268 CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of ...) - {DLA-1530-1} + {DSA-4316-1 DLA-1530-1} - imagemagick <unfixed> (bug #910888) NOTE: https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7 NOTE: https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135 
@@ -3902,7 +3930,7 @@ CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in ...) NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199 CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows ...) - {DLA-1530-1} + {DSA-4316-1 DLA-1530-1} - imagemagick 8:6.9.10.2+dfsg-2 NOTE: https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13 @@ -4496,14 +4524,14 @@ CVE-2018-16415 CVE-2018-16414 RESERVED CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...) - {DLA-1530-1} + {DSA-4316-1 DLA-1530-1} - imagemagick <unfixed> (bug #910887) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12 CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the ...) - {DLA-1530-1} + {DSA-4316-1 DLA-1530-1} - imagemagick <unfixed> (bug #910887) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250 NOTE: Fixed with same patch as for issue #1249, as per upstream discussion at @@ -4967,8 +4995,8 @@ CVE-2018-16212 RESERVED CVE-2018-16211 RESERVED -CVE-2018-16210 - RESERVED +CVE-2018-16210 (WAGO 750-881 Ethernet Controller devices, versions 01.09.18(13) and ...) + TODO: check CVE-2018-16209 RESERVED CVE-2018-16208 
@@ -5384,18 +5412,21 @@ CVE-2018-16060 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow ...) NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) + {DSA-4315-1} - wireshark 2.6.3-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) + {DSA-4315-1} - wireshark 2.6.3-1 (low) [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) + {DSA-4315-1} - wireshark 2.6.3-1 (low) [jessie] - wireshark <not-affected> (vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994 @@ -6150,8 +6181,8 @@ CVE-2018-15757 RESERVED CVE-2018-15756 RESERVED -CVE-2018-15755 - RESERVED +CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...) + TODO: check CVE-2018-15754 RESERVED CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) ...) @@ -8688,8 +8719,7 @@ CVE-2018-14666 RESERVED CVE-2018-14665 RESERVED -CVE-2018-14664 - RESERVED +CVE-2018-14664 (A flaw was found in foreman from versions 1.18. A stored cross-site ...) - foreman <itp> (bug #663101) CVE-2018-14663 RESERVED 
@@ -20691,8 +20721,8 @@ CVE-2018-10143 RESERVED CVE-2018-10142 RESERVED -CVE-2018-10141 - RESERVED +CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before ...) + TODO: check CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e9f5645873bc3205c9ed2fd15c692592494673e
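Review bot: In the first hunk (`@@ -1,3 +1,31 @@`), CVE-2018-18282 (Next.js) and CVE-2018-18274 (pdfalto) come in with a description but only `TODO: check` beneath it, so neither is triaged yet. Each needs a follow-up that replaces the marker with either a package line in the form the other entries use (for example `- imagemagick <unfixed> (bug #910889)`) or a `NOT-FOR-US:` line.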
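Review bot: In the `@@ -3882,12 +3910,12 @@` hunk, CVE-2018-16645 and CVE-2018-16644 gain `{DSA-4316-1 DLA-1530-1}` while the unchanged package lines under them still read `- imagemagick <unfixed> (bug #910889)` and `- imagemagick <unfixed> (bug #910888)`. Please confirm that the advisory reference and the `<unfixed>` status are both meant to stand; the `@@ -4496,14 +4524,14 @@` hunk shows the same combination for CVE-2018-16413 and CVE-2018-16412 (bug #910887), whereas CVE-2018-16642 already carries the fixed version `8:6.9.10.2+dfsg-2`.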
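Review bot: In the `@@ -20691,8 +20721,8 @@` hunk, CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS) is left at `TODO: check`, although the next entry in the context, CVE-2018-10140, is already classified as `NOT-FOR-US: Palo Alto Networks PAN-OS`. The same product is named in both descriptions, so the new entry can likely take the same `NOT-FOR-US:` line instead of waiting in the TODO queue.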