[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 1 20:10:33 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a37d64b8 by security tracker role at 2018-04-01T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-9168
+	RESERVED
+CVE-2018-9167
+	RESERVED
+CVE-2018-9166
+	RESERVED
+CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...)
+	TODO: check
 CVE-2018-9164
 	RESERVED
 CVE-2018-9163
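
Review bot: CVE-2018-9165 is left at TODO: check even though its description already names a concrete upstream component (the pushdup function in util/decompile.c in libming through 0.4.8). A follow-up should replace the TODO with either a package line for the source package that ships this code, or a NOT-FOR-US line if none does, so the entry does not stay untriaged.
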
@@ -10,12 +18,12 @@ CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in H
 	NOT-FOR-US: SickRage
 CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static ...)
 	NOT-FOR-US: Spark Java framework (unrelated to src:spark)
-CVE-2018-9158
-	RESERVED
-CVE-2018-9157
-	RESERVED
-CVE-2018-9156
-	RESERVED
+CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware version ...)
+	TODO: check
+CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) ...)
+	TODO: check
+CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) ...)
+	TODO: check
 CVE-2018-9155
 	RESERVED
 CVE-2018-9154
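
Review bot: CVE-2018-9157 and CVE-2018-9156 carry a ** DISPUTED ** marker in their descriptions but get the same bare TODO: check as CVE-2018-9158. All three describe AXIS IP camera firmware, so they look like candidates for a NOT-FOR-US line in the style of the "NOT-FOR-US: SickRage" entry just above. Suggest resolving the TODO during triage rather than leaving the disputed status as the only annotation.
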
@@ -35,8 +43,8 @@ CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
 	NOT-FOR-US: Kingsoft Internet Security
 CVE-2018-9150
 	RESERVED
-CVE-2018-9149
-	RESERVED
+CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a ...)
+	TODO: check
 CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...)
 	NOT-FOR-US: Western Digital WD My Cloud
 CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
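
Review bot: CVE-2018-9149 moves from RESERVED to TODO: check while the adjacent CVE-2018-9148 (Western Digital WD My Cloud devices) is already resolved as NOT-FOR-US. The new description names a Zyxel Multy X device, so the same kind of resolution probably applies here. Suggest confirming that and replacing the TODO.
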
@@ -1042,6 +1050,7 @@ CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS 
 CVE-2018-8755
 	RESERVED
 CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
+	{DSA-4160-1}
 	- libevt 20180317-1 (bug #893431)
 	NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
 CVE-2018-8753
@@ -4080,12 +4089,12 @@ CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAML
 	NOTE: https://simplesamlphp.org/security/201802-01
 	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
-	{DLA-1303-1}
+	{DSA-4161-1 DLA-1303-1}
 	- python-django 1:1.11.11-1
 	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 	NOTE: Patch https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
 CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
-	{DLA-1303-1}
+	{DSA-4161-1 DLA-1303-1}
 	- python-django 1:1.11.11-1
 	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
@@ -6169,8 +6178,8 @@ CVE-2018-6851
 	RESERVED
 CVE-2018-6850
 	RESERVED
-CVE-2018-6849
-	RESERVED
+CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...)
+	TODO: check
 CVE-2018-6848
 	RESERVED
 CVE-2018-6847
@@ -23882,6 +23891,7 @@ CVE-2018-0494
 	RESERVED
 CVE-2018-0493
 	RESERVED
+	{DSA-4159-1}
 	- remctl <unfixed>
 	[jessie] - remctl <not-affected> (Affected code introduced in 3.12)
 	[wheezy] - remctl <not-affected> (Affected code introduced in 3.12)
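
Review bot: CVE-2018-0493 now references {DSA-4159-1}, but the package line under it still reads "- remctl <unfixed>". Once the fixed upload is in unstable, the <unfixed> marker should be replaced with the fixed version so the entry agrees with the advisory. The jessie and wheezy <not-affected> lines can stay as they are.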



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a37d64b865553d8df11df7fc16dde9d8af9b1c5e
