[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
044250c7 by security tracker role at 2019-01-01T08:10:14Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2018-20648
+       RESERVED
+CVE-2018-20647
+       RESERVED
+CVE-2018-20646
+       RESERVED
+CVE-2018-20645
+       RESERVED
+CVE-2018-20644
+       RESERVED
+CVE-2018-20643
+       RESERVED
+CVE-2018-20642
+       RESERVED
+CVE-2018-20641
+       RESERVED
+CVE-2018-20640
+       RESERVED
+CVE-2018-20639
+       RESERVED
+CVE-2018-20638
+       RESERVED
+CVE-2018-20637
+       RESERVED
+CVE-2018-20636
+       RESERVED
+CVE-2018-20635
+       RESERVED
+CVE-2018-20634
+       RESERVED
+CVE-2018-20633
+       RESERVED
+CVE-2018-20632
+       RESERVED
+CVE-2018-20631
+       RESERVED
+CVE-2018-20630
+       RESERVED
+CVE-2018-20629
+       RESERVED
+CVE-2018-20628
+       RESERVED
+CVE-2018-20627
+       RESERVED
+CVE-2018-20626
+       RESERVED
+CVE-2018-20625
+       RESERVED
+CVE-2018-20624
+       RESERVED
 CVE-2019-3493
        RESERVED
 CVE-2019-3492
@@ -44939,50 +44989,47 @@ CVE-2018-6349
        RESERVED
 CVE-2018-6348
        RESERVED
-CVE-2018-6347
-       RESERVED
-CVE-2018-6346
-       RESERVED
+CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of 
headers/trailers ...)
+       TODO: check
+CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of 
...)
+       TODO: check
 CVE-2018-6345
        RESERVED
-CVE-2018-6344
-       RESERVED
-CVE-2018-6343
-       RESERVED
-CVE-2018-6342
-       RESERVED
-CVE-2018-6341
-       RESERVED
-CVE-2018-6340
-       RESERVED
+CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP 
packet ...)
+       TODO: check
+CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set 
before ...)
+       TODO: check
+CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local 
webserver ...)
+       TODO: check
+CVE-2018-6341 (React applications which rendered to HTML using the 
ReactDOMServer API ...)
+       TODO: check
+CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger 
an ...)
+       TODO: check
 CVE-2018-6339
        RESERVED
 CVE-2018-6338
        RESERVED
-CVE-2018-6337
-       RESERVED
+CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and 
child ...)
        - hhvm <not-affected> (Only affects 3.26)
        NOTE: 
https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8
        NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html
-CVE-2018-6336
-       RESERVED
-CVE-2018-6335
-       RESERVED
+CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted ...)
+       TODO: check
+CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception 
when ...)
        - hhvm 3.24.7+dfsg-1
        NOTE: 
https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
        NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
-CVE-2018-6334 [ability to override global variables and members of $GLOBALS 
via file uploads]
-       RESERVED
+CVE-2018-6334 (Multipart-file uploads call variables to be improperly 
registered in ...)
        - hhvm 3.24.7+dfsg-1 (bug #895194)
        NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
        NOTE: 
https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
-CVE-2018-6333
-       RESERVED
+CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly 
sanitize ...)
+       TODO: check
 CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of 
...)
        - hhvm 3.24.7+dfsg-1 (bug #895194)
        NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
-CVE-2018-6331
-       RESERVED
+CVE-2018-6331 (Buck parser-cache command loads/saves state using Java 
serialized ...)
+       TODO: check
 CVE-2018-6330
        RESERVED
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/044250c7c78e8d34597cad98ba3e1c37b5a4c9c2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/044250c7c78e8d34597cad98ba3e1c37b5a4c9c2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits