[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Mon Apr 9 08:10:32 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef76d426 by security tracker role at 2018-04-09T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2018-9858
+	RESERVED
+CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
+	TODO: check
+CVE-2018-9856 (Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles ...)
+	TODO: check
+CVE-2018-9855
+	RESERVED
 CVE-2018-9854
 	RESERVED
 CVE-2018-9853
@@ -1080,7 +1088,7 @@ CVE-2016-10719
 	RESERVED
 CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by ...)
 	NOT-FOR-US: Coremail XT3.0
-CVE-2018-9329 (The Bitdefender Antivirus 6.2.19.890 component, as configured for AV ...)
+CVE-2018-9329 (** DISPUTED ** The Bitdefender Antivirus 6.2.19.890 component, as ...)
 	NOT-FOR-US: Bitdefender Antivirus
 CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...)
 	NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
@@ -2594,7 +2602,7 @@ CVE-2018-8764 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3
 	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
 	NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
 CVE-2018-8763 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has ...)
-	{DSA-4165-1}
+	{DSA-4165-1 DLA-1342-1}
 	- ldap-account-manager 6.3-1
 	NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
 	NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
@@ -8507,7 +8515,6 @@ CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is 
 CVE-2018-6595
 	RESERVED
 CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates ...)
-	{DLA-1283-1}
 	- pycryptodome 3.4.11-1 (bug #889998)
 	- python-crypto <unfixed> (bug #889999)
 	[stretch] - python-crypto <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef76d4267cb302af58c3e4592cfdd659eeda391a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef76d4267cb302af58c3e4592cfdd659eeda391a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180409/350805f2/attachment.html>
