[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Mar 24 21:10:23 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19c59de8 by security tracker role at 2018-03-24T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,20 @@
+CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php allows ...)
+	TODO: check
+CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows remote ...)
+	TODO: check
+CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
+	TODO: check
+CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code injection via ...)
+	TODO: check
+CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows remote ...)
+	TODO: check
+CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 ...)
+	TODO: check
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c has a ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8963 (In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has ...)
-	 - ming <removed>
+	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8962 (In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of ...)
 	- ming <removed>
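Review bot: the indentation correction on the CVE-2018-8963 entry (`	 - ming <removed>` becoming `	- ming <removed>`) is a formatting change to an existing record that the commit message "automatic update" does not mention. Consider noting it in the message or landing it separately, so that edits to existing entries can be told apart from newly imported ones. The six entries added at the top (five zzcms 8.2 issues and CVE-2015-9257 for BMC Remedy AR System) all enter as `TODO: check` and still need a follow-up that assigns either a package line or a `NOT-FOR-US:` line.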
@@ -4444,6 +4456,7 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permi
 CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after ...)
 	NOT-FOR-US: PyBitmessage
 CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External Entity ...)
+	{DLA-1316-1}
 	- freeplane 1.6.6-1 (bug #893663)
 	NOTE: https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
 	NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
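Review bot: the `{DLA-1316-1}` cross-reference on CVE-2018-1000069 has no release-tagged version line next to it. The visible entry records only `- freeplane 1.6.6-1 (bug #893663)` before the NOTE lines. Confirm that the fixed version for the release covered by the DLA is recorded with the advisory itself, or add a release-tagged line here in the same form the CVE-2018-5748 entry uses for `[stretch]` and `[jessie]`.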
@@ -8846,6 +8859,7 @@ CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Lin
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
 	NOT-FOR-US: Minecraft Servers List Lite
 CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...)
+	{DLA-1315-1}
 	- libvirt 4.0.0-1 (bug #887700)
 	[stretch] - libvirt 3.0.0-4+deb9u2
 	[jessie] - libvirt 1.2.9-9+deb8u5
@@ -14915,12 +14929,12 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: esb-csv-import-export plugin for WordPress
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body ...)
 	NOT-FOR-US: Ability Mail Server
-CVE-2017-17751
-	RESERVED
-CVE-2017-17750
-	RESERVED
-CVE-2017-17749
-	RESERVED
+CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve remote ...)
+	TODO: check
+CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public playlist from ...)
+	TODO: check
+CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a music ...)
+	TODO: check
 CVE-2017-17748
 	RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the TP-Link ...)
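Review bot: CVE-2017-17751, CVE-2017-17750 and CVE-2017-17749 are left at `TODO: check` after losing `RESERVED`, although all three descriptions name the same product (Bose SoundTouch devices), so one triage decision would cover them. The neighbouring entries in this hunk use the `NOT-FOR-US: <product>` form for software that is not packaged. The CVE-2017-17751 description is cut off at "achieve remote ...", so read the full text before classifying it.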
@@ -21194,7 +21208,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishan
 	NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
 CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
 	RESERVED
-	{DSA-4137-1}
+	{DSA-4137-1 DLA-1315-1}
 	- libvirt 4.1.0-1
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19c59de84389200fddb186f435d61059a85e53a9
