Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 25be28e0 by security tracker role at 2018-03-15T09:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2018-8726 + RESERVED +CVE-2018-8725 + RESERVED +CVE-2018-8724 + RESERVED +CVE-2018-8723 + RESERVED +CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has ...) + TODO: check +CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...) + TODO: check +CVE-2018-8720 + RESERVED +CVE-2018-8719 + RESERVED +CVE-2018-8718 + RESERVED +CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel ...) + TODO: check CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...) NOT-FOR-US: joyplus-cms CVE-2018-8716 @@ -1360,8 +1380,8 @@ CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...) NOT-FOR-US: YzmCMS CVE-2018-8077 RESERVED -CVE-2018-8076 - RESERVED +CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability ...) + TODO: check CVE-2018-8075 RESERVED CVE-2018-8074 
@@ -1781,14 +1801,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load NOTE: https://bugs.launchpad.net/calibre/+bug/1753870 NOTE: https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...) + {DSA-4136-1} - curl <unfixed> NOTE: https://curl.haxx.se/docs/adv_2018-b047.html NOTE: https://curl.haxx.se/CVE-2018-1000122.patch CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...) + {DSA-4136-1} - curl <unfixed> NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html NOTE: https://curl.haxx.se/CVE-2018-1000121.patch CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 ...) + {DSA-4136-1} - curl <unfixed> NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html NOTE: https://curl.haxx.se/CVE-2018-1000120.patch @@ -1796,8 +1819,8 @@ CVE-2018-7888 RESERVED CVE-2018-7887 RESERVED -CVE-2018-7886 - RESERVED +CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated remote ...) + TODO: check CVE-2018-7885 RESERVED CVE-2018-7884 @@ -20452,6 +20475,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishan NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent] RESERVED + {DSA-4137-1} - libvirt 4.1.0-1 NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...) 
@@ -38209,8 +38233,7 @@ CVE-2017-12196 [Client can use bogus uri in Digest authentication] CVE-2017-12195 RESERVED NOT-FOR-US: OpenShift -CVE-2017-12194 [Integer overflows causing buffer overflows in spice-client] - RESERVED +CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages ...) - spice-gtk <undetermined> - spice <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25be28e0be1edace9e6ab847907c18c3848e73f3
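Review bot: In the @@ -1,3 +1,23 @@ hunk, CVE-2017-18232 is added with only `TODO: check` although its description names the Linux kernel, which Debian ships. It should be triaged ahead of the other new `TODO: check` entries and given a `- linux` package line with its status, so that it does not sit unclassified alongside entries for third-party products.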
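Review bot: In the @@ -1781,14 +1801,17 @@ hunk, CVE-2018-1000122, CVE-2018-1000121 and CVE-2018-1000120 each gain `{DSA-4136-1}` while the package line under each still reads `- curl <unfixed>`, so the advisory is recorded but no fixed version is tracked for unstable. Follow up by replacing `<unfixed>` with the fixed version once an upload carrying the patches linked in the NOTE lines is available.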
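Review bot: In the @@ -20452,6 +20475,7 @@ hunk, CVE-2018-1064 now has `{DSA-4137-1}` and a fixed version in `- libvirt 4.1.0-1`, yet the entry keeps its `RESERVED` marker and a bracketed placeholder description that begins with `qemu:` even though the only tracked package is libvirt. Consider rewording the placeholder so it names libvirt, which makes the entry easier to find until the published description replaces it.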
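Review bot: In the @@ -38209,8 +38233,7 @@ hunk, CVE-2017-12194 loses `RESERVED` and gains a published description, but `- spice-gtk <undetermined>` and `- spice <undetermined>` are left unchanged. With the public description and the Red Hat bug in the NOTE line to work from, both lines should be resolved to a concrete status. The removed placeholder also mentioned integer overflows causing buffer overflows, a detail not visible in the truncated new description, so a NOTE preserving it may be worth adding.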
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits