Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ed6615d3 by security tracker role at 2018-04-01T08:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,15 @@ +CVE-2018-9164 + RESERVED +CVE-2018-9163 + RESERVED +CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for ...) + TODO: check +CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...) + TODO: check +CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in HTTP ...) + TODO: check +CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static ...) + TODO: check CVE-2018-9158 RESERVED CVE-2018-9157 @@ -13,10 +25,10 @@ CVE-2018-9153 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...) - linux 4.11.6-1 NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d -CVE-2015-9259 - RESERVED -CVE-2015-9258 - RESERVED +CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...) + TODO: check +CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature ...) + TODO: check CVE-2018-9152 RESERVED CVE-2018-9151 (A NULL pointer dereference bug in the function ...) @@ -77,8 +89,8 @@ CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...) NOT-FOR-US: IBOS CVE-2018-9129 RESERVED -CVE-2018-9128 - RESERVED +CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...) + TODO: check CVE-2018-9127 RESERVED CVE-2018-9126 
@@ -627,8 +639,8 @@ CVE-2018-8910 RESERVED CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) NOT-FOR-US: Wire application for Android -CVE-2018-8908 - RESERVED +CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...) + TODO: check CVE-2018-8907 RESERVED CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...) @@ -661,8 +673,8 @@ CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) a NOT-FOR-US: 2345 Security Guard CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...) NOT-FOR-US: 2345 Security Guard -CVE-2018-8893 - RESERVED +CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ...) + TODO: check CVE-2018-8892 RESERVED CVE-2018-8891 @@ -2733,7 +2745,7 @@ CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference . - graphite2 1.3.11-2 (bug #892590) [stretch] - graphite2 <no-dsa> (Minor issue) [jessie] - graphite2 <no-dsa> (Minor issue) - [wheezy] - graphite2 <no-dsa> (Minor issue) + [wheezy] - graphite2 <no-dsa> (Minor issue) NOTE: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6 NOTE: https://github.com/silnrsi/graphite/issues/22 CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference ...) @@ -4904,6 +4916,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) + {DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> 
@@ -4913,6 +4926,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) + {DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -4922,6 +4936,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) + {DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -4931,6 +4946,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693 NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...) + {DLA-1337-1 DLA-1336-1} - ruby2.5 2.5.0-5 - ruby2.3 <unfixed> - ruby2.1 <removed> @@ -21751,6 +21767,7 @@ CVE-2018-1085 CVE-2018-1084 RESERVED CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...) + {DLA-1335-1} - zsh <unfixed> (low; bug #894043) [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue) 
@@ -21782,6 +21799,7 @@ CVE-2018-1073 CVE-2018-1072 RESERVED CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...) + {DLA-1335-1} - zsh <unfixed> (low; bug #894044) [stretch] - zsh <no-dsa> (Minor issue) [jessie] - zsh <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed6615d3e6e9958f8b72aa32320627175b26722f
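Review bot: In the first hunk (@@ -1,3 +1,15 @@) the new CVE-2018-9159 entry names only "Spark before 2.7.2", and the truncated description does not say which project called Spark is meant. Whoever resolves its "TODO: check" should confirm the upstream from the full CVE text before mapping it to a source package or marking it NOT-FOR-US, because a match on the name alone can attach the issue to the wrong package.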
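Review bot: CVE-2015-9259 and CVE-2015-9258 in the @@ -13,10 +25,10 @@ hunk move from RESERVED to "TODO: check" with no package line, although both descriptions concern verification code in Docker Notary (checkRoot and gotuf/signed/verify.go) and both are bounded by "before 0.1". Triage should close them with either a fixed-version line or NOT-FOR-US rather than leave them open, and a NOTE pointing at the upstream fix, in the style of the CVE-2017-18255 entry just above, would make the decision checkable.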
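Review bot: The @@ -2733,7 +2745,7 @@ hunk removes and re-adds "[wheezy] - graphite2 <no-dsa> (Minor issue)" under CVE-2018-7999 with text that reads identically, so the difference must be whitespace. A whitespace-only change inside a commit labelled "automatic update" is hard to audit. It would be better to say in the commit message which step normalises whitespace, or to fix the line in a separate commit, so that later diffs of this entry show only real status changes.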
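Review bot: The hunks that add "{DLA-1337-1 DLA-1336-1}" to CVE-2018-1000078 through CVE-2018-1000075 and "{DLA-1335-1}" to CVE-2018-1083 and CVE-2018-1071 show no fixed-version line for the release those advisories cover in the visible context. The zsh entries list only "<unfixed>" for unstable and "<no-dsa>" for stretch and jessie. If that per-release line is not already further down each entry, it should be added together with the cross-reference, so the tracker does not show an advisory next to a package that still appears unfixed.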
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits