[Git][security-tracker-team/security-tracker][master] 3 commits: Reference both upstream commits for CVE-2018-1997{4,5,6}

Thu Dec 20 16:15:44 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4a5424b by Salvatore Bonaccorso at 2018-12-20T16:02:41Z
Reference both upstream commits for CVE-2018-1997{4,5,6}

- - - - -
2231098d by Salvatore Bonaccorso at 2018-12-20T16:06:01Z
Add CVE-2018-1160/netatalk

- - - - -
0210cd5f by Salvatore Bonaccorso at 2018-12-20T16:14:07Z
Add bug reference for CVE-2018-1160/netatalk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3672,19 +3672,24 @@ CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is
 	NOTE: https://github.com/VirusTotal/yara/issues/999
 	NOTE: https://bnbdr.github.io/posts/extracheese/
 	NOTE: https://github.com/bnbdr/swisscheese/
+	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
+	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
 CVE-2018-19975 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read ...)
 	- yara <unfixed>
 	[jessie] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/999
 	NOTE: https://bnbdr.github.io/posts/extracheese/
 	NOTE: https://github.com/bnbdr/swisscheese/
+	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
+	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
 CVE-2018-19974 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read ...)
 	- yara <unfixed>
 	[jessie] - yara <no-dsa> (Minor issue)
 	NOTE: https://github.com/VirusTotal/yara/issues/999
 	NOTE: https://bnbdr.github.io/posts/extracheese/
 	NOTE: https://github.com/bnbdr/swisscheese/
-	NOTE: Fixed by https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
+	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
+	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
 CVE-2018-19973
 	RESERVED
 CVE-2018-19972
@@ -58873,8 +58878,10 @@ CVE-2018-1162 (This vulnerability allows remote attackers to create a ...)
 	NOT-FOR-US: Quest NetVault Backup
 CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Quest NetVault Backup
-CVE-2018-1160
+CVE-2018-1160 [Unauthenticated remote code execution in Netatalk]
 	RESERVED
+	- netatalk <unfixed> (bug #916930)
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13711
 CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory ...)
 	NOT-FOR-US: Mikrotik RouterOS
 CVE-2018-1158 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6...0210cd5f8ee35803473d61d23326dcf4c8faeadb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/72c5e5a19bfddb956cb19f0e23e3ba2815be71a6...0210cd5f8ee35803473d61d23326dcf4c8faeadb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181220/05644dcf/attachment.html>
