Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f8300fe2 by security tracker role at 2018-08-13T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -330,20 +330,20 @@ CVE-2018-15147
        RESERVED
 CVE-2018-15146
        RESERVED
-CVE-2018-15145
-       RESERVED
-CVE-2018-15144
-       RESERVED
-CVE-2018-15143
-       RESERVED
-CVE-2018-15142
-       RESERVED
-CVE-2018-15141
-       RESERVED
-CVE-2018-15140
-       RESERVED
-CVE-2018-15139
-       RESERVED
+CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
+       TODO: check
+CVE-2018-15144 (SQL injection vulnerability in ...)
+       TODO: check
+CVE-2018-15143 (Multiple SQL injection vulnerabilities in ...)
+       TODO: check
+CVE-2018-15142 (Directory traversal in portal/import_template.php in versions 
of ...)
+       TODO: check
+CVE-2018-15141 (Directory traversal in portal/import_template.php in versions 
of ...)
+       TODO: check
+CVE-2018-15140 (Directory traversal in portal/import_template.php in versions 
of ...)
+       TODO: check
+CVE-2018-15139 (Unrestricted file upload in 
interface/super/manage_site_files.php in ...)
+       TODO: check
 CVE-2018-15138
        RESERVED
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
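Review bot: CVE-2018-15139 through CVE-2018-15145 all land as TODO: check, and the visible description text is cut off before the product name, so none of them can be triaged from this list alone. CVE-2018-15140, CVE-2018-15141 and CVE-2018-15142 share the same visible text (directory traversal in portal/import_template.php), so resolve the three together against the full descriptions and give each either a package line or a NOT-FOR-US entry.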
@@ -896,8 +896,8 @@ CVE-2018-XXXX [Default KeyInfo resolver doesn't check for 
empty element content.
        [jessie] - xml-security-c 1.7.2-3+deb8u1
        NOTE: 
https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
        NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt
-CVE-2018-14878
-       RESERVED
+CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 
2018.1.4 ...)
+       TODO: check
 CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via 
Site ...)
        NOT-FOR-US: WeaselCMS
 CVE-2018-14876 (An issue was discovered in image_save_png in 
image/image-png.cpp in ...)
@@ -959,12 +959,10 @@ CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in 
ext/exif/exif.c in PHP before 5
        - php5 <removed>
        NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557
-CVE-2018-14850
-       RESERVED
+CVE-2018-14850 (Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 
allow ...)
        - tikiwiki <removed>
        NOTE: https://sourceforge.net/p/tikiwiki/code/66990
-CVE-2018-14849
-       RESERVED
+CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, 
related ...)
        - tikiwiki <removed>
        NOTE: https://sourceforge.net/p/tikiwiki/code/66809
 CVE-2018-14848
@@ -2106,6 +2104,7 @@ CVE-2016-10727 
(camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
        NOTE: 
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
 CVE-2018-14424 [use-after-free of disposed transient displays]
        RESERVED
+       {DSA-4270-1}
        - gdm3 3.28.2-4
        NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
        NOTE: 
https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
@@ -4480,12 +4479,12 @@ CVE-2018-13419 (An issue has been found in libsndfile 
1.0.28. There is a memory 
        NOTE: https://github.com/erikd/libsndfile/issues/398
 CVE-2018-13418
        RESERVED
-CVE-2018-13417
-       RESERVED
+CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for 
...)
+       TODO: check
 CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine 
for ...)
        NOT-FOR-US: Universal Media Server
-CVE-2018-13415
-       RESERVED
+CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for 
SSDP/UPnP ...)
+       TODO: check
 CVE-2018-13414
        RESERVED
 CVE-2018-13413
@@ -4509,7 +4508,7 @@ CVE-2018-13406 (An integer overflow in the 
uvesafb_setcmap function in ...)
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713
 CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux 
kernel through ...)
-       {DSA-4266-1}
+       {DSA-4266-1 DLA-1466-1}
        - linux 4.17.6-1
        NOTE: 
https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
        NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
@@ -4537,8 +4536,8 @@ CVE-2018-13394
        RESERVED
 CVE-2018-13393
        RESERVED
-CVE-2018-13392
-       RESERVED
+CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before 
version ...)
+       TODO: check
 CVE-2018-13391
        RESERVED
 CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via 
network from ...)
@@ -6542,8 +6541,8 @@ CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers 
to execute arbitrary co
        NOT-FOR-US: Polaris Office
 CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
-CVE-2018-12587
-       RESERVED
+CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in 
valeuraddons ...)
+       TODO: check
 CVE-2018-12586
        RESERVED
 CVE-2018-12585
@@ -8678,8 +8677,7 @@ CVE-2018-11772
        RESERVED
 CVE-2018-11771
        RESERVED
-CVE-2018-11770
-       RESERVED
+CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master 
exposes a ...)
        NOT-FOR-US: Apache Spark
 CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the 
database ...)
        - couchdb <removed>
@@ -11197,8 +11195,7 @@ CVE-2018-10866
 CVE-2018-10865
        RESERVED
        NOT-FOR-US: Red Hat Certification
-CVE-2018-10864
-       RESERVED
+CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered 
in ...)
        NOT-FOR-US: Red Hat Certification
 CVE-2018-10863
        RESERVED
@@ -11274,8 +11271,7 @@ CVE-2018-10844
        RESERVED
 CVE-2018-10843 (source-to-image component of Openshift Container Platform 
before ...)
        NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-10842
-       RESERVED
+CVE-2018-10842 (It was found that an authenticated user could manipulate user 
session ...)
        NOT-FOR-US: Keycloak
 CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster 
server ...)
        - glusterfs 4.1.2-1 (bug #901968)
@@ -11953,8 +11949,8 @@ CVE-2018-10571 (Multiple reflected cross-site scripting 
(XSS) vulnerabilities in
        NOT-FOR-US: OpenEMR
 CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
        NOT-FOR-US: Frog CMS
-CVE-2018-10569
-       RESERVED
+CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before 
version ...)
+       TODO: check
 CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to 
v10.7. ...)
        NOT-FOR-US: Flexense DiskSorter Enterprise
 CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to 
v10.7. ...)
@@ -23386,8 +23382,8 @@ CVE-2018-6416
        RESERVED
 CVE-2018-6415
        RESERVED
-CVE-2018-6414
-       RESERVED
+CVE-2018-6414 (A buffer overflow vulnerability in the web server of some 
Hikvision IP ...)
+       TODO: check
 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S 
of ...)
        NOT-FOR-US: Hikvision Camera DS-2CD9111-S
 CVE-2018-6412 (In the function sbusfb_ioctl_helper() in 
drivers/video/fbdev/sbuslib.c ...)
@@ -25259,10 +25255,10 @@ CVE-2018-5927
        RESERVED
 CVE-2018-5926
        RESERVED
-CVE-2018-5925
-       RESERVED
-CVE-2018-5924
-       RESERVED
+CVE-2018-5925 (A security vulnerability has been identified with certain HP 
Inkjet ...)
+       TODO: check
+CVE-2018-5924 (A security vulnerability has been identified with certain HP 
Inkjet ...)
+       TODO: check
 CVE-2018-5923
        RESERVED
 CVE-2018-5922
@@ -26669,7 +26665,7 @@ CVE-2018-5392 [mingw-w64 by default produces 
executables that opt in to ASLR, bu
 CVE-2018-5391
        RESERVED
 CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive 
calls ...)
-       {DSA-4266-1}
+       {DSA-4266-1 DLA-1466-1}
        - linux 4.17.14-1 (bug #905751)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.kb.cert.org/vuls/id/962459
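Review bot: DLA-1466-1 is attached to CVE-2018-5390, yet the entry's [jessie] line marks linux as <not-affected> (Vulnerable code introduced later). If the advisory was issued for a different source package than linux, the entry should carry a line for that package; otherwise the not-affected marking and the advisory reference disagree and one of them needs correcting.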
@@ -30938,11 +30934,11 @@ CVE-2018-3784
 CVE-2018-3783
        RESERVED
 CVE-2018-3782
-       RESERVED
-CVE-2018-3781
-       RESERVED
-CVE-2018-3780
-       RESERVED
+       REJECTED
+CVE-2018-3781 (A missing sanitization of search results for an autocomplete 
field in ...)
+       TODO: check
+CVE-2018-3780 (A missing sanitization of search results for an autocomplete 
field in ...)
+       TODO: check
 CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to 
execute ...)
        NOT-FOR-US: Trojaned gem release
 CVE-2018-3778 (Improper authorization in aedes version &lt;0.35.0 will publish 
a LWT in ...)
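Review bot: CVE-2018-3782 moves from RESERVED to REJECTED while CVE-2018-3781 and CVE-2018-3780 arrive with identical visible description text ("A missing sanitization of search results for an autocomplete field in ..."). When clearing the two TODO: check markers, confirm from the full descriptions that they are distinct issues and record the affected product consistently on both.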
@@ -38193,7 +38189,7 @@ CVE-2018-1260 (Spring Security OAuth, versions 2.3 
prior to 2.3.3, 2.2 prior to 
        NOT-FOR-US: Spring Security OAuth
 CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 
prior to ...)
        NOT-FOR-US: Spring Data Commons
-CVE-2018-1258 (Spring Security in combination with Spring Framework versions 
prior to ...)
+CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with 
any ...)
        - libspring-security-2.0-java <removed>
        NOTE: https://pivotal.io/security/cve-2018-1258
 CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x 
prior ...)
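Review bot: the rewritten description for CVE-2018-1258 now leads with Spring Framework version 5.0.5, but the only package line under it is still libspring-security-2.0-java <removed>. Check whether the entry also needs a line for the source package that ships Spring Framework, since the triage was done against the older wording that led with Spring Security.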
@@ -40581,8 +40577,8 @@ CVE-2018-0716
        RESERVED
 CVE-2018-0715
        RESERVED
-CVE-2018-0714
-       RESERVED
+CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and 
...)
+       TODO: check
 CVE-2018-0713
        RESERVED
 CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 
4.2.6 build ...)
@@ -47950,8 +47946,7 @@ CVE-2017-15140
        RESERVED
 CVE-2017-15139
        RESERVED
-CVE-2017-15138
-       RESERVED
+CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook 
tokens which ...)
        NOT-FOR-US: atomic-openshift
 CVE-2017-15137 (The OpenShift image import whitelist failed to enforce 
restrictions ...)
        NOT-FOR-US: atomic-openshift
@@ -57348,43 +57343,43 @@ CVE-2017-12107 (An memory corruption vulnerability 
exists in the .PCX parsing ..
 CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing 
...)
        NOT-FOR-US: Computerinsel Photoline
 CVE-2017-12105 (An exploitable integer overflow exists in the way that the 
Blender ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
 CVE-2017-12104 (An exploitable integer overflow exists in the way that the 
Blender ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
 CVE-2017-12103 (An exploitable integer overflow exists in the way that the 
Blender ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
 CVE-2017-12102 (An exploitable integer overflow exists in the way that the 
Blender ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
 CVE-2017-12101 (An exploitable integer overflow exists in the ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
 CVE-2017-12100 (An exploitable integer overflow exists in the 
'multires_load_old_dm' ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
 CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the 
legacy ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
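Review bot: DLA-1465-1 is added to each blender entry in this hunk, but the per-release lines are unchanged: only the unstable fix (2.79.a+dfsg0-1) and a [wheezy] line are recorded, so confirm the fixed version for the release the DLA covers is recorded with the advisory. Separately, the [wheezy] annotation reads "<ignored> (Vulnerable but not ignored)", which contradicts the state it explains; the reason text should be corrected in a follow-up.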
@@ -57420,7 +57415,7 @@ CVE-2017-12087 (An exploitable heap overflow 
vulnerability exists in the tinysvc
        NOTE: Debian build uses Avahi instead
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
 CVE-2017-12086 (An exploitable integer overflow exists in the ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -57432,13 +57427,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in 
remote control functionality 
 CVE-2017-12083 (An exploitable information disclosure vulnerability exists in 
the apid ...)
        NOT-FOR-US: Circle with Disney
 CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' 
Mesh ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
 CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a 
legacy Mesh ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -71472,8 +71467,7 @@ CVE-2017-7501 (It was found that versions of rpm before 
4.13.0.2 use temporary f
        - rpm <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
        NOTE: Not supported for installations in Debian (and an unprivileged 
attacker would not have permissions for systems directories anyway)
-CVE-2017-7500 [Following symlinks to directories when installing packages 
allows privilege escalation]
-       RESERVED
+CVE-2017-7500 (It was found that rpm did not properly handle RPM installations 
when a ...)
        - rpm <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
        NOTE: Not supported for installations in Debian (and an unprivileged 
attacker would not have permissions for systems directories anyway)
@@ -85799,7 +85793,7 @@ CVE-2017-2919 (An exploitable stack based buffer 
overflow vulnerability exists i
        - r-cran-readxl 1.0.0-2 (bug #895564)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
 CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -85827,62 +85821,62 @@ CVE-2017-2909 (An infinite loop programming error 
exists in the DNS server ...)
        [wheezy] - smplayer <not-affected> (Vulnerable code not present)
        NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer 
builds the Chromecast support
 CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail 
functionality ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
 CVE-2017-2907 (An exploitable integer overflow exists in the animation playing 
...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
 CVE-2017-2906 (An exploitable integer overflow exists in the animation playing 
...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
 CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
 CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading 
...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
 CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
 CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
 CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
 CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
 CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
-       {DSA-4248-1}
+       {DSA-4248-1 DLA-1465-1}
        - blender 2.79.a+dfsg0-1
        [wheezy] - blender <ignored> (Vulnerable but not ignored)
        NOTE: 
https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -88550,8 +88544,8 @@ CVE-2017-1751 (IBM Robotic Process Automation with 
Automation Anywhere 10.0.0 is
        NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
 CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
        NOT-FOR-US: IBM Jazz Reporting Service
-CVE-2017-1749
-       RESERVED
+CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote 
attacker ...)
+       TODO: check
 CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker 
to ...)
        NOT-FOR-US: IBM
 CVE-2017-1747 (A specially crafted message could cause a denial of service in 
IBM ...)
@@ -89476,8 +89470,8 @@ CVE-2017-1288
        RESERVED
 CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to 
conduct ...)
        NOT-FOR-US: IBM
-CVE-2017-1286
-       RESERVED
+CVE-2017-1286 (Sensitive information about the configuration of the IBM 
UrbanCode ...)
+       TODO: check
 CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated 
user ...)
        NOT-FOR-US: IBM
 CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with 
ability ...)
@@ -113838,8 +113832,8 @@ CVE-2016-2924 (IBM Infosphere BigInsights is 
vulnerable to cross-site scripting,
        NOT-FOR-US: IBM
 CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 
Liberty ...)
        NOT-FOR-US: IBM
-CVE-2016-2922
-       RESERVED
+CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 
9.0.1.3 ...)
+       TODO: check
 CVE-2016-2921
        RESERVED
 CVE-2016-2920



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8300fe274f20f7152ca7a1f8461b70d7872e0bc

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
