Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6907716c by security tracker role at 2018-12-27T08:10:18Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,10 +1,52 @@ +CVE-2018-20507 + RESERVED +CVE-2018-20506 + RESERVED +CVE-2018-20505 + RESERVED +CVE-2018-20504 + RESERVED +CVE-2018-20503 + RESERVED +CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ...) + TODO: check +CVE-2018-20501 + RESERVED +CVE-2018-20500 + RESERVED +CVE-2018-20499 + RESERVED +CVE-2018-20498 + RESERVED +CVE-2018-20497 + RESERVED +CVE-2018-20496 + RESERVED +CVE-2018-20495 + RESERVED +CVE-2018-20494 + RESERVED +CVE-2018-20493 + RESERVED +CVE-2018-20492 + RESERVED +CVE-2018-20491 + RESERVED +CVE-2018-20490 + RESERVED +CVE-2018-20489 + RESERVED +CVE-2018-20488 + RESERVED +CVE-2018-20487 + RESERVED CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...) NOT-FOR-US: MetInfo CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus -CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget through 1.20 stores a file's ...) +CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...) - wget <unfixed> (bug #917375) [stretch] - wget <not-affected> (Vulnerable code introduced in 1.19) [jessie] - wget <not-affected> (Vulnerable code introduced in 1.19) 
@@ -211,8 +253,8 @@ CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6) CVE-2018-20405 (BigTree 4.3 allows full path disclosure via authenticated admin/news/ ...) NOT-FOR-US: BigTree CMS -CVE-2018-20404 - RESERVED +CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system ...) + TODO: check CVE-2018-20403 RESERVED CVE-2018-20402 (Safe Software FME Server through 2018.1 creates and enables three ...) @@ -837,8 +879,7 @@ CVE-2018-20219 RESERVED CVE-2018-20218 RESERVED -CVE-2018-20217 [Ignore password attributes for S4U2Self requests] - RESERVED +CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...) - krb5 <unfixed> (bug #917387) NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086 @@ -5421,8 +5462,7 @@ CVE-2018-19875 RESERVED CVE-2018-19874 RESERVED -CVE-2018-19873 [QBmpHandler segfault on malformed BMP file] - RESERVED +CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...) [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 [jessie] - qtbase-opensource-src <ignored> (Minor issue) @@ -5432,8 +5472,7 @@ CVE-2018-19873 [QBmpHandler segfault on malformed BMP file] NOTE: https://codereview.qt-project.org/#/c/238749/ CVE-2018-19872 RESERVED -CVE-2018-19871 [QImage: QTgaFile CPU exhaustion] - RESERVED +CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile ...) - qtimageformats-opensource-src 5.11.3-2 (low) [stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue) [jessie] - qtimageformats-opensource-src <postponed> (Minor issue) 
@@ -5443,8 +5482,7 @@ CVE-2018-19871 [QImage: QTgaFile CPU exhaustion] NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/ NOTE: https://codereview.qt-project.org/#/c/237761/ NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp -CVE-2018-19870 [Check for QImage allocation failure in qgifhandler] - RESERVED +CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image ...) [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 (low) [stretch] - qtbase-opensource-src <no-dsa> (Minor issue) @@ -5456,8 +5494,7 @@ CVE-2018-19870 [Check for QImage allocation failure in qgifhandler] NOTE: https://codereview.qt-project.org/#/c/235998/ NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version -CVE-2018-19869 [Fix crash when parsing malformed url reference] - RESERVED +CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image ...) [experimental] - qtsvg-opensource-src 5.11.3-1 - qtsvg-opensource-src 5.11.3-2 (low) [stretch] - qtsvg-opensource-src <no-dsa> (Minor issue) @@ -5647,8 +5684,8 @@ CVE-2018-19801 RESERVED CVE-2018-19800 RESERVED -CVE-2018-19799 - RESERVED +CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= ...) + TODO: check CVE-2018-19798 RESERVED CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...) @@ -6140,10 +6177,10 @@ CVE-2018-19618 RESERVED CVE-2018-19617 RESERVED -CVE-2018-19616 - RESERVED -CVE-2018-19615 - RESERVED +CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley ...) + TODO: check +CVE-2018-19615 (An issue was discovered in Rockwell Automation Allen-Bradley ...) + TODO: check CVE-2018-19614 RESERVED CVE-2018-19613 
@@ -10183,8 +10220,8 @@ CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attack NOT-FOR-US: Go Ethereum CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service ...) NOT-FOR-US: ethereumjs-vm -CVE-2018-19182 - RESERVED +CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...) + TODO: check CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows ...) NOT-FOR-US: YUNUCMS CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if ...) @@ -11736,12 +11773,12 @@ CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. T NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e CVE-2018-18538 RESERVED -CVE-2018-18537 - RESERVED -CVE-2018-18536 - RESERVED -CVE-2018-18535 - RESERVED +CVE-2018-18537 (The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier ...) + TODO: check +CVE-2018-18536 (The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 ...) + TODO: check +CVE-2018-18535 (The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier ...) + TODO: check CVE-2018-18534 RESERVED CVE-2018-18533 @@ -13283,8 +13320,8 @@ CVE-2018-17989 RESERVED CVE-2018-17988 RESERVED -CVE-2018-17987 - RESERVED +CVE-2018-17987 (The determineWinner function of a smart contract implementation for ...) + TODO: check CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...) NOT-FOR-US: razorCMS CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...) @@ -19567,8 +19604,7 @@ CVE-2018-15520 RESERVED CVE-2018-15519 RESERVED -CVE-2018-15518 [Qt Base: "double free or corruption" in QXmlStreamReader] - RESERVED +CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption ...) [experimental] - qtbase-opensource-src 5.11.3+dfsg-1 - qtbase-opensource-src 5.11.3+dfsg-2 [jessie] - qtbase-opensource-src <ignored> (Minor issue) 
@@ -29251,10 +29287,10 @@ CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initiali [jessie] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d NOTE: https://github.com/mruby/mruby/issues/4027 -CVE-2018-11742 - RESERVED -CVE-2018-11741 - RESERVED +CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password ...) + TODO: check +CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ...) + TODO: check CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from ...) - sleuthkit <unfixed> (low; bug #902187) [stretch] - sleuthkit <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6907716ce60968bf824c62ae7b869a47b4c94931 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6907716ce60968bf824c62ae7b869a47b4c94931 You're receiving this email because of your account on salsa.debian.org.
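Review bot: In the first hunk (@@ -1,10 +1,52 @@) the CVE-2018-20483 description is narrowed from "GNU Wget through 1.20" to "before 1.20.1", which implies an upstream fixed release, yet the unstable line still reads `- wget <unfixed> (bug #917375)`; once 1.20.1 is uploaded this line needs the fixing Debian version. The `[stretch]` and `[jessie]` `<not-affected> (Vulnerable code introduced in 1.19)` lines remain consistent with the revised range. Among the 21 new identifiers added ahead of it, only CVE-2018-20502 (Bento4) carries a description and it is left at `TODO: check`.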
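Review bot: In the hunk at @@ -211,8 +253,8 @@, CVE-2018-20404 is left at `TODO: check`, but the description names `ETK_E900.sys`, a SmartETK vendor driver for the VIA EPIA-E900 system, so the expected triage outcome is a `NOT-FOR-US: VIA SmartETK` line in the style of the neighbouring BigTree CMS entry rather than a source-package line.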
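Review bot: In the hunk at @@ -837,8 +879,7 @@, the placeholder title `[Ignore password attributes for S4U2Self requests]` for CVE-2018-20217 is replaced by the published text (a reachable assertion in the MIT Kerberos KDC) and the `RESERVED` marker is dropped, while the existing `- krb5 <unfixed> (bug #917387)` line and the two NOTE references (RT ticket 8763 and the upstream commit 5e6d179) are kept as context, so nothing is lost. Since the fixing commit is already recorded, the follow-up is to add the stable-release assessments for krb5 if they are not present beyond the visible context.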
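Review bot: In the hunk at @@ -5432,8 +5472,7 @@, the context NOTE for CVE-2018-19871 states `qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp`, but no `- qt4-x11 ...` package line appears within the visible lines, only the three qtimageformats-opensource-src lines; if qt4-x11 is not tracked for this CVE outside the hunk, a package line for it should be added so the NOTE does not stand alone.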
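Review bot: In the hunk at @@ -6140,10 +6177,10 @@, the new CVE-2018-19616 and CVE-2018-19615 entries carry identical truncated descriptions (`An issue was discovered in Rockwell Automation Allen-Bradley ...`) that do not even name the affected product, so the two cannot be distinguished from this diff; the `TODO: check` triage needs the full MITRE text for each before either is marked.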
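Review bot: In the hunk at @@ -10183,8 +10220,8 @@, CVE-2018-19182 identifies the affected Engelsystem range only by a short commit hash (`before commit hash 2e28336`) rather than a version; if the package turns out to be tracked, add a NOTE with the full upstream commit URL, as is done for teeworlds and mruby elsewhere in this diff, otherwise resolve it as NOT-FOR-US like the neighbouring Go Ethereum and ethereumjs-vm entries.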
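Review bot: In the hunk at @@ -11736,12 +11773,12 @@, CVE-2018-18535, -18536 and -18537 all describe the GLCKIo and Asusgio low-level drivers shipped with ASUS Aura Sync v1.07.22 and earlier, i.e. vendor driver code rather than anything built from a Debian source package, so the three `TODO: check` lines can very likely be resolved together as `NOT-FOR-US: ASUS Aura Sync`, consistent with the MetInfo and Zoho ManageEngine entries at the top of the diff.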
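Review bot: In the last hunk (@@ -29251,10 +29287,10 @@), CVE-2018-11742 and CVE-2018-11741 concern NEC Univerge SV9100 WebPro 6.00.00 devices (cleartext password storage and predictable session identifiers respectively), which is device firmware rather than software in the archive, so both `TODO: check` lines should resolve to `NOT-FOR-US: NEC Univerge`; note that the neighbouring sleuthkit lines are unchanged context, not part of this update.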
debian-security-tracker-commits mailing list: debian-security-tracker-commits@alioth-lists.debian.net, https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits