[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 1 08:10:28 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed6615d3 by security tracker role at 2018-04-01T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-9164
+	RESERVED
+CVE-2018-9163
+	RESERVED
+CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for ...)
+	TODO: check
+CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
+	TODO: check
+CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in HTTP ...)
+	TODO: check
+CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static ...)
+	TODO: check
 CVE-2018-9158
 	RESERVED
 CVE-2018-9157
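
Review bot: the four new entries CVE-2018-9162 through CVE-2018-9159 carry only `TODO: check`, so none of them yet records whether a Debian package is affected. Each needs a follow-up that replaces the TODO with either a `NOT-FOR-US: <product>` line or a `- <package> <version>` line, in the form the triaged entries elsewhere in this file use. CVE-2018-9164 and CVE-2018-9163 are `RESERVED` with no description, so there is nothing to triage for them yet.
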
@@ -13,10 +25,10 @@ CVE-2018-9153
 CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)
 	- linux 4.11.6-1
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d
-CVE-2015-9259
-	RESERVED
-CVE-2015-9258
-	RESERVED
+CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...)
+	TODO: check
+CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature ...)
+	TODO: check
 CVE-2018-9152
 	RESERVED
 CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
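
Review bot: CVE-2015-9259 and CVE-2015-9258 move from `RESERVED` to `TODO: check`, and both descriptions name Docker Notary before 0.1, with CVE-2015-9258 pointing at `gotuf/signed/verify.go`. When triaging, look for the gotuf code as well as for Notary itself, since the description places the flaw in that file, and record the result in place of the TODO.
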
@@ -77,8 +89,8 @@ CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
 	NOT-FOR-US: IBOS
 CVE-2018-9129
 	RESERVED
-CVE-2018-9128
-	RESERVED
+CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
+	TODO: check
 CVE-2018-9127
 	RESERVED
 CVE-2018-9126
@@ -627,8 +639,8 @@ CVE-2018-8910
 	RESERVED
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
 	NOT-FOR-US: Wire application for Android
-CVE-2018-8908
-	RESERVED
+CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...)
+	TODO: check
 CVE-2018-8907
 	RESERVED
 CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
@@ -661,8 +673,8 @@ CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) a
 	NOT-FOR-US: 2345 Security Guard
 CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...)
 	NOT-FOR-US: 2345 Security Guard
-CVE-2018-8893
-	RESERVED
+CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ...)
+	TODO: check
 CVE-2018-8892
 	RESERVED
 CVE-2018-8891
@@ -2733,7 +2745,7 @@ CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference .
 	- graphite2 1.3.11-2 (bug #892590)
 	[stretch] - graphite2 <no-dsa> (Minor issue)
 	[jessie] - graphite2 <no-dsa> (Minor issue)
-        [wheezy] - graphite2 <no-dsa> (Minor issue)
+	[wheezy] - graphite2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
 	NOTE: https://github.com/silnrsi/graphite/issues/22
 CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference ...)
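
Review bot: the `[wheezy] - graphite2 <no-dsa> (Minor issue)` line changes only in its leading whitespace, from spaces to the tab used by the `[stretch]` and `[jessie]` lines above it, yet the commit message says only "automatic update". If the indentation is significant to whatever parses this list, a syntax check at commit time that rejects space-indented annotation lines would catch this before it reaches the file.
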
@@ -4904,6 +4916,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
+	{DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
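
Review bot: `{DLA-1337-1 DLA-1336-1}` is added under CVE-2018-1000078, but the package lines visible below it are unchanged and `ruby2.3` still reads `<unfixed>`. Confirm that the release-specific lines further down this entry, outside the shown context, identify which source package each of the two DLAs covers. The same cross-reference is added to CVE-2018-1000077, CVE-2018-1000076 and CVE-2018-1000075 in the next three hunks, so the check applies to all four entries.
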
@@ -4913,6 +4926,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
+	{DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -4922,6 +4936,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
+	{DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -4931,6 +4946,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 
 	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
 	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
 CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
+	{DLA-1337-1 DLA-1336-1}
 	- ruby2.5 2.5.0-5
 	- ruby2.3 <unfixed>
 	- ruby2.1 <removed>
@@ -21751,6 +21767,7 @@ CVE-2018-1085
 CVE-2018-1084
 	RESERVED
 CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...)
+	{DLA-1335-1}
 	- zsh <unfixed> (low; bug #894043)
 	[stretch] - zsh <no-dsa> (Minor issue)
 	[jessie] - zsh <no-dsa> (Minor issue)
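
Review bot: `{DLA-1335-1}` is added to CVE-2018-1083 while the lines below still show `zsh <unfixed>` and both `[stretch]` and `[jessie]` as `<no-dsa> (Minor issue)`. Nothing in the visible context says which release the advisory fixed, so check that the entry has a release line matching DLA-1335-1 and that the `low` urgency and `<no-dsa>` markings are still intended now that an advisory exists. The CVE-2018-1071 hunk that follows has the same shape and needs the same check.
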
@@ -21782,6 +21799,7 @@ CVE-2018-1073
 CVE-2018-1072
 	RESERVED
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
+	{DLA-1335-1}
 	- zsh <unfixed> (low; bug #894044)
 	[stretch] - zsh <no-dsa> (Minor issue)
 	[jessie] - zsh <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed6615d3e6e9958f8b72aa32320627175b26722f
