Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed6615d3 by security tracker role at 2018-04-01T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-9164
+       RESERVED
+CVE-2018-9163
+       RESERVED
+CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication 
for ...)
+       TODO: check
+CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote 
attackers ...)
+       TODO: check
+CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in 
HTTP ...)
+       TODO: check
+CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended 
static ...)
+       TODO: check
 CVE-2018-9158
        RESERVED
 CVE-2018-9157
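Review bot: CVE-2018-9159 through CVE-2018-9162 arrive with published descriptions but only `TODO: check`, so none of them is yet mapped to a source package or marked NOT-FOR-US. The product name in CVE-2018-9159 ("Spark before 2.7.2") is ambiguous on its own; triage should identify the upstream project from the full CVE description before choosing a package name, rather than matching on the word "Spark".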
@@ -13,10 +25,10 @@ CVE-2018-9153
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in 
kernel/events/core.c ...)
        - linux 4.11.6-1
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d
-CVE-2015-9259
-       RESERVED
-CVE-2015-9258
-       RESERVED
+CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...)
+       TODO: check
+CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a 
Signature ...)
+       TODO: check
 CVE-2018-9152
        RESERVED
 CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
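Review bot: the CVE-2015-9258 description places the flaw in `gotuf/signed/verify.go`, a path that reads like a separate TUF library tree rather than Notary-only code (an inference from the path alone). When these two `TODO: check` entries are triaged, look for that code under other source packages and vendored copies as well as under Notary, and compare any packaged version against the "before 0.1" boundary given in both descriptions.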
@@ -77,8 +89,8 @@ CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. 
...)
        NOT-FOR-US: IBOS
 CVE-2018-9129
        RESERVED
-CVE-2018-9128
-       RESERVED
+CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a 
crafted .plf ...)
+       TODO: check
 CVE-2018-9127
        RESERVED
 CVE-2018-9126
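Review bot: CVE-2018-9128 moves from RESERVED to `TODO: check` with no disposition. If no source package ships DVD X Player, close it in the same form as the neighbouring `NOT-FOR-US: IBOS` entry so it stops counting as open triage work.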
@@ -627,8 +639,8 @@ CVE-2018-8910
        RESERVED
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows 
attackers to ...)
        NOT-FOR-US: Wire application for Android
-CVE-2018-8908
-       RESERVED
+CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. 
The ...)
+       TODO: check
 CVE-2018-8907
        RESERVED
 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
@@ -661,8 +673,8 @@ CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file 
(2345DumpBlock.sys) a
        NOT-FOR-US: 2345 Security Guard
 CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) 
allows ...)
        NOT-FOR-US: 2345 Security Guard
-CVE-2018-8893
-       RESERVED
+CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in 
the ...)
+       TODO: check
 CVE-2018-8892
        RESERVED
 CVE-2018-8891
@@ -2733,7 +2745,7 @@ CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a 
NULL pointer dereference .
        - graphite2 1.3.11-2 (bug #892590)
        [stretch] - graphite2 <no-dsa> (Minor issue)
        [jessie] - graphite2 <no-dsa> (Minor issue)
-        [wheezy] - graphite2 <no-dsa> (Minor issue)
+       [wheezy] - graphite2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
        NOTE: https://github.com/silnrsi/graphite/issues/22
 CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference 
...)
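Review bot: the `[wheezy]` line changes only in its leading whitespace; as rendered here the removed line is indented one column deeper than the added line and its `[stretch]` and `[jessie]` neighbours. Worth confirming that a syntax check on the list rejects inconsistent indentation at commit time, so that corrections like this do not have to ride along in an automatic update.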
@@ -4904,6 +4916,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 
and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
+       {DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <unfixed>
        - ruby2.1 <removed>
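Review bot: `{DLA-1337-1 DLA-1336-1}` is added to CVE-2018-1000078 here and to CVE-2018-1000077, CVE-2018-1000076 and CVE-2018-1000075 in the following hunks, but no hunk touches CVE-2018-1000079, whose NOTE lines form the leading context of this hunk. Confirm that entry is either already cross-referenced or really outside both advisories. The visible package lines still read `- ruby2.3 <unfixed>`, so the cross-reference alone does not show which package and version the two DLAs fixed.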
@@ -4913,6 +4926,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 
and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
+       {DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <unfixed>
        - ruby2.1 <removed>
@@ -4922,6 +4936,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 
and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
+       {DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <unfixed>
        - ruby2.1 <removed>
@@ -4931,6 +4946,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 
and earlier, Ruby 2.3 
        NOTE: 
https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
        NOTE: 
https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 
2.3 series: ...)
+       {DLA-1337-1 DLA-1336-1}
        - ruby2.5 2.5.0-5
        - ruby2.3 <unfixed>
        - ruby2.1 <removed>
@@ -21751,6 +21767,7 @@ CVE-2018-1085
 CVE-2018-1084
        RESERVED
 CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer 
overflow in ...)
+       {DLA-1335-1}
        - zsh <unfixed> (low; bug #894043)
        [stretch] - zsh <no-dsa> (Minor issue)
        [jessie] - zsh <no-dsa> (Minor issue)
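Review bot: CVE-2018-1083 gains `{DLA-1335-1}` while the lines in view still say `- zsh <unfixed>` and stop at `[jessie] - zsh <no-dsa>`. Check that the entry also carries a release-specific line with the fixed zsh version for the suite the DLA covers; the three lines of context end before such a line would appear. The same check applies to CVE-2018-1071 in the next hunk.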
@@ -21782,6 +21799,7 @@ CVE-2018-1073
 CVE-2018-1072
        RESERVED
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
...)
+       {DLA-1335-1}
        - zsh <unfixed> (low; bug #894044)
        [stretch] - zsh <no-dsa> (Minor issue)
        [jessie] - zsh <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed6615d3e6e9958f8b72aa32320627175b26722f

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits