[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sun Apr 1 20:10:33 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a37d64b8 by security tracker role at 2018-04-01T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-9168
+	RESERVED
+CVE-2018-9167
+	RESERVED
+CVE-2018-9166
+	RESERVED
+CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...)
+	TODO: check
 CVE-2018-9164
 	RESERVED
 CVE-2018-9163
@@ -10,12 +18,12 @@ CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in H
 	NOT-FOR-US: SickRage
 CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static ...)
 	NOT-FOR-US: Spark Java framework (unrelated to src:spark)
-CVE-2018-9158
-	RESERVED
-CVE-2018-9157
-	RESERVED
-CVE-2018-9156
-	RESERVED
+CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware version ...)
+	TODO: check
+CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) ...)
+	TODO: check
+CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) ...)
+	TODO: check
 CVE-2018-9155
 	RESERVED
 CVE-2018-9154
@@ -35,8 +43,8 @@ CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
 	NOT-FOR-US: Kingsoft Internet Security
 CVE-2018-9150
 	RESERVED
-CVE-2018-9149
-	RESERVED
+CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a ...)
+	TODO: check
 CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...)
 	NOT-FOR-US: Western Digital WD My Cloud
 CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
@@ -1042,6 +1050,7 @@ CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS 
 CVE-2018-8755
 	RESERVED
 CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
+	{DSA-4160-1}
 	- libevt 20180317-1 (bug #893431)
 	NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
 CVE-2018-8753
@@ -4080,12 +4089,12 @@ CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAML
 	NOTE: https://simplesamlphp.org/security/201802-01
 	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
-	{DLA-1303-1}
+	{DSA-4161-1 DLA-1303-1}
 	- python-django 1:1.11.11-1
 	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 	NOTE: Patch https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
 CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
-	{DLA-1303-1}
+	{DSA-4161-1 DLA-1303-1}
 	- python-django 1:1.11.11-1
 	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
 	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
@@ -6169,8 +6178,8 @@ CVE-2018-6851
 	RESERVED
 CVE-2018-6850
 	RESERVED
-CVE-2018-6849
-	RESERVED
+CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...)
+	TODO: check
 CVE-2018-6848
 	RESERVED
 CVE-2018-6847
@@ -23882,6 +23891,7 @@ CVE-2018-0494
 	RESERVED
 CVE-2018-0493
 	RESERVED
+	{DSA-4159-1}
 	- remctl <unfixed>
 	[jessie] - remctl <not-affected> (Affected code introduced in 3.12)
 	[wheezy] - remctl <not-affected> (Affected code introduced in 3.12)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a37d64b865553d8df11df7fc16dde9d8af9b1c5e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a37d64b865553d8df11df7fc16dde9d8af9b1c5e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180401/ae87ba96/attachment-0001.html>
