Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25be28e0 by security tracker role at 2018-03-15T09:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8726
+ RESERVED
+CVE-2018-8725
+ RESERVED
+CVE-2018-8724
+ RESERVED
+CVE-2018-8723
+ RESERVED
+CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has
...)
+ TODO: check
+CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000
has Stored ...)
+ TODO: check
+CVE-2018-8720
+ RESERVED
+CVE-2018-8719
+ RESERVED
+CVE-2018-8718
+ RESERVED
+CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux
kernel ...)
+ TODO: check
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an
administrator ...)
NOT-FOR-US: joyplus-cms
CVE-2018-8716
@@ -1360,8 +1380,8 @@ CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title
parameter to ...)
NOT-FOR-US: YzmCMS
CVE-2018-8077
RESERVED
-CVE-2018-8076
- RESERVED
+CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion
vulnerability ...)
+ TODO: check
CVE-2018-8075
RESERVED
CVE-2018-8074
@@ -1781,14 +1801,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in
Calibre 3.18 calls cPickle.load
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
NOTE:
https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including
curl 7.58.0 ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and
including curl ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including
curl 7.58.0 ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
@@ -1796,8 +1819,8 @@ CVE-2018-7888
RESERVED
CVE-2018-7887
RESERVED
-CVE-2018-7886
- RESERVED
+CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated
remote ...)
+ TODO: check
CVE-2018-7885
RESERVED
CVE-2018-7884
@@ -20452,6 +20475,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux
kernel through 4.15.7 mishan
NOTE: Fixed by:
https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
RESERVED
+ {DSA-4137-1}
- libvirt 4.1.0-1
NOTE: Fixed by:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic
link ...)
@@ -38209,8 +38233,7 @@ CVE-2017-12196 [Client can use bogus uri in Digest
authentication]
CVE-2017-12195
RESERVED
NOT-FOR-US: OpenShift
-CVE-2017-12194 [Integer overflows causing buffer overflows in spice-client]
- RESERVED
+CVE-2017-12194 (A flaw was found in the way spice-client processed certain
messages ...)
- spice-gtk <undetermined>
- spice <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25be28e0be1edace9e6ab847907c18c3848e73f3
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25be28e0be1edace9e6ab847907c18c3848e73f3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
