[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] automatic update

Sat, 24 Mar 2018 14:40:04 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
19c59de8 by security tracker role at 2018-03-24T21:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,20 @@
+CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
+       TODO: check
+CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
+       TODO: check
+CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
+       TODO: check
+CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code 
injection via ...)
+       TODO: check
+CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows 
remote ...)
+       TODO: check
+CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service 
Pack 2 ...)
+       TODO: check
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c 
has a ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8963 (In libming 0.4.8, the decompileGETVARIABLE function of 
decompile.c has ...)
-        - ming <removed>
+       - ming <removed>
        NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8962 (In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall 
function of ...)
        - ming <removed>
@@ -4444,6 +4456,7 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier 
contains an Insecure Permi
 CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or 
after ...)
        NOT-FOR-US: PyBitmessage
 CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External 
Entity ...)
+       {DLA-1316-1}
        - freeplane 1.6.6-1 (bug #893663)
        NOTE: 
https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
        NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
@@ -8846,6 +8859,7 @@ CVE-2018-5750 (The acpi_smbus_hc_add function in 
drivers/acpi/sbshc.c in the Lin
 CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit 
c1cd164 and ...)
        NOT-FOR-US: Minecraft Servers List Lite
 CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a 
denial of ...)
+       {DLA-1315-1}
        - libvirt 4.0.0-1 (bug #887700)
        [stretch] - libvirt 3.0.0-4+deb9u2
        [jessie] - libvirt 1.2.9-9+deb8u5
@@ -14915,12 +14929,12 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) 
vulnerabilities in the ...)
        NOT-FOR-US: esb-csv-import-export plugin for WordPress
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via 
the body ...)
        NOT-FOR-US: Ability Mail Server
-CVE-2017-17751
-       RESERVED
-CVE-2017-17750
-       RESERVED
-CVE-2017-17749
-       RESERVED
+CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve 
remote ...)
+       TODO: check
+CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public 
playlist from ...)
+       TODO: check
+CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a 
music ...)
+       TODO: check
 CVE-2017-17748
        RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the 
TP-Link ...)
@@ -21194,7 +21208,7 @@ CVE-2018-1065 (The netfilter subsystem in the Linux 
kernel through 4.15.7 mishan
        NOTE: Fixed by: 
https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
 CVE-2018-1064 [qemu: avoid denial of service reading from QEMU guest agent]
        RESERVED
-       {DSA-4137-1}
+       {DSA-4137-1 DLA-1315-1}
        - libvirt 4.1.0-1
        NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
 CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic 
link ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19c59de84389200fddb186f435d61059a85e53a9

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19c59de84389200fddb186f435d61059a85e53a9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to