data/CVE/list

@@ -500,7 +500,7 @@ CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dc
 	- ufraw <unfixed> (bug #890086)
 	- dcraw 9.28-2 (bug #906529)
 CVE-2018-19654 (An issue was discovered in Sales &amp; Company Management System (SCMS) ...)
-	NOT-FOR-US: Sales & Company Management System (SCMS) 
+	NOT-FOR-US: Sales & Company Management System (SCMS)
 CVE-2018-19653
 	RESERVED
 CVE-2018-19652
@@ -3620,8 +3620,11 @@ CVE-2018-19480
 	RESERVED
 CVE-2018-19479
 	RESERVED
-CVE-2018-19478
+CVE-2018-19478 [Attempting to open a carefully crafted PDF file results in long-running computation]
 	RESERVED
+	- ghostscript 9.26~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
 CVE-2018-19474
 	RESERVED
 CVE-2018-19473
@@ -8610,7 +8613,7 @@ CVE-2018-17616 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code ...)
-	NOT-FOR-US: Losant Arduino MQTT Client 
+	NOT-FOR-US: Losant Arduino MQTT Client
 CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when &quot;Use proxy&quot; is ...)
 	- telegram-desktop <unfixed>
 	NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html

data/DSA/list

@@ -8,7 +8,7 @@
 	{CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314}
 	[stretch] - perl 5.24.1-3+deb9u5
 [27 Nov 2018] DSA-4346-1 ghostscript - security update
-	{CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-19134}
+	{CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-19134 CVE-2018-19478}
 	[stretch] - ghostscript 9.26~dfsg-0+deb9u1
 [27 Nov 2018] DSA-4345-1 samba - security update
 	{CVE-2018-14629 CVE-2018-16841 CVE-2018-16851}