[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 15 09:11:24 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25be28e0 by security tracker role at 2018-03-15T09:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,23 @@
+CVE-2018-8726
+ RESERVED
+CVE-2018-8725
+ RESERVED
+CVE-2018-8724
+ RESERVED
+CVE-2018-8723
+ RESERVED
+CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has ...)
+ TODO: check
+CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...)
+ TODO: check
+CVE-2018-8720
+ RESERVED
+CVE-2018-8719
+ RESERVED
+CVE-2018-8718
+ RESERVED
+CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel ...)
+ TODO: check
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
NOT-FOR-US: joyplus-cms
CVE-2018-8716
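Review bot: CVE-2017-18232 at the end of the added block is left at `TODO: check` even though its description already names the Linux kernel SAS implementation, so triage can assign it a `- linux` package line directly. The two Zoho ManageEngine entries (CVE-2018-8722, CVE-2018-8721) look like candidates for `NOT-FOR-US:`, in the same way joyplus-cms is marked on the context line just below them.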
@@ -1360,8 +1380,8 @@ CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
NOT-FOR-US: YzmCMS
CVE-2018-8077
RESERVED
-CVE-2018-8076
- RESERVED
+CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability ...)
+ TODO: check
CVE-2018-8075
RESERVED
CVE-2018-8074
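Review bot: The new CVE-2018-8076 text describes ZenMate 1.5.4 for macOS, so the `TODO: check` added here can most likely be resolved as `NOT-FOR-US: ZenMate`, matching the YzmCMS entry in this hunk's context, once someone confirms it is not packaged.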
@@ -1781,14 +1801,17 @@ CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
NOTE: https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 ...)
+ {DSA-4136-1}
- curl <unfixed>
NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
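Review bot: `{DSA-4136-1}` is now referenced on all three curl entries (CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120) while each still carries `- curl <unfixed>`. A follow-up should record the fixed version on that line once an upload containing the three upstream patches is available, so the entries do not stay flagged as unfixed after the advisory.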
@@ -1796,8 +1819,8 @@ CVE-2018-7888
RESERVED
CVE-2018-7887
RESERVED
-CVE-2018-7886
- RESERVED
+CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated remote ...)
+ TODO: check
CVE-2018-7885
RESERVED
CVE-2018-7884
@@ -20452,6 +20475,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishan
NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
RESERVED
+ {DSA-4137-1}
- libvirt 4.1.0-1
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)
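Review bot: CVE-2018-1064 gains `{DSA-4137-1}` and already has a fixed version on `- libvirt 4.1.0-1`, but its bracketed temporary description still starts with `qemu:`. Rewording it to name libvirt would keep the entry consistent with the package line until the `RESERVED` state is replaced by the published description.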
@@ -38209,8 +38233,7 @@ CVE-2017-12196 [Client can use bogus uri in Digest authentication]
CVE-2017-12195
RESERVED
NOT-FOR-US: OpenShift
-CVE-2017-12194 [Integer overflows causing buffer overflows in spice-client]
- RESERVED
+CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages ...)
- spice-gtk <undetermined>
- spice <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
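Review bot: Replacing the bracketed text on CVE-2017-12194 loses the specific wording "Integer overflows causing buffer overflows in spice-client", and the truncated published description that replaces it no longer says what kind of flaw this is. A `NOTE:` line preserving that detail would help, and both `- spice-gtk <undetermined>` and `- spice <undetermined>` remain to be resolved now that the entry is no longer `RESERVED`.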
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25be28e0be1edace9e6ab847907c18c3848e73f3