Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89778b99 by Moritz Muehlenhoff at 2021-07-08T22:15:13+02:00
openexr: add commit reference for 2.5

- - - - -
d4701e73 by Moritz Muehlenhoff at 2021-07-08T22:18:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3500,7 +3500,8 @@ CVE-2021-3598 (There's a flaw in OpenEXR's 
ImfDeepScanLineInputFile functionalit
        [buster] - openexr <no-dsa> (Minor issue)
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
-       NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
+       NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
 (master)
+       NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5
 (2.5)
        NOTE: Introduced by 
https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344
 (v2.0.0)
 CVE-2021-3597
        RESERVED
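
Review bot: The two fix references in the CVE-2021-3598 block are labelled with branch names, "(master)" and "(2.5)", while the "Introduced by" line just below them is labelled with a release tag, "(v2.0.0)". A branch label does not say which 2.5.x release first contains e2667ae1a3ff8a9fce730e61129868b326abb3f5. Once that commit is in a tagged release, putting the tag in the note would let a reader compare the packaged version against the fix without walking the upstream history.
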
@@ -3627,17 +3628,17 @@ CVE-2021-34616
 CVE-2021-34615
        RESERVED
 CVE-2021-34614 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34613
        RESERVED
 CVE-2021-34612
        RESERVED
 CVE-2021-34611 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34610 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba 
ClearPass ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-34608
        RESERVED
 CVE-2021-34607
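
Review bot: The four NOT-FOR-US tags added in this hunk name only the vendor, "Aruba", although the description of CVE-2021-34609 names the product as Aruba ClearPass. Other tags in this same change are per product ("NOT-FOR-US: Octopus Server", "NOT-FOR-US: Eclipse TinyDTLS"). Naming the product here as well would keep the tags consistent and record exactly which software was ruled out.
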
@@ -4054,7 +4055,7 @@ CVE-2021-34432
 CVE-2021-34431
        RESERVED
 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function 
in the C  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse TinyDTLS
 CVE-2021-34429
        RESERVED
 CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 
11.0.2, i ...)
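
Review bot: CVE-2021-34430 is marked NOT-FOR-US, but the description is about a library (TinyDTLS relying on the C rand function), and a library can be present in the archive as an embedded copy even when it is not packaged under its own name. Before closing it out, a source search for bundled TinyDTLS copies is worth doing. If one turns up, the entry should carry that package instead of the NOT-FOR-US line.
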
@@ -4738,7 +4739,7 @@ CVE-2021-34112
 CVE-2021-34111
        RESERVED
 CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, 
allowin ...)
-       TODO: check
+       NOT-FOR-US: WinWaste.NET
 CVE-2021-34109
        RESERVED
 CVE-2021-34108
@@ -8406,7 +8407,7 @@ CVE-2021-32539 (Add event in calendar function in the 
101EIP system does not fil
 CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter 
the typ ...)
        NOT-FOR-US: ARTWARE CMS
 CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which 
allows local ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2021-32536 (The login page in the MCUsystem does not filter with special 
character ...)
        NOT-FOR-US: MCUsystem
 CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN 
SANOS allo ...)
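
Review bot: "NOT-FOR-US: Realtek" on CVE-2021-32537 reads as ruling out the vendor as a whole, while the description is about one component, "Realtek HAD". Realtek drivers and firmware do ship in Debian, so a vendor-wide tag is broader than what was checked. "NOT-FOR-US: Realtek HAD" would scope the decision to the driver the CVE names.
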
@@ -8599,9 +8600,9 @@ CVE-2021-32464
 CVE-2021-32463
        RESERVED
 CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and 
below i ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and 
below i ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product 
is vulner ...)
        NOT-FOR-US: Trend Micro
 CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier 
contains ...)
@@ -10210,9 +10211,9 @@ CVE-2021-31819
 CVE-2021-31818 (Affected versions of Octopus Server are prone to an 
authenticated SQL  ...)
        NOT-FOR-US: Octopus Server
 CVE-2021-31817 (When configuring Octopus Server if it is configured with an 
external S ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2021-31816 (When configuring Octopus Server if it is configured with an 
external S ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2019-25042 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds 
write via  ...)
        {DLA-2652-1}
        - unbound 1.9.6-1
@@ -15366,7 +15367,7 @@ CVE-2021-29713
 CVE-2021-29712
        RESERVED
 CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 
6.2.7.9, 7.0.3. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29710
        RESERVED
 CVE-2021-29709
@@ -16825,11 +16826,11 @@ CVE-2021-3465
 CVE-2021-29153
        RESERVED
 CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered 
in Aruba ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in 
Aruba C ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered 
in Arub ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2021-29149
        RESERVED
 CVE-2021-29148
@@ -17650,7 +17651,7 @@ CVE-2021-28811 (If exploited, this command injection 
vulnerability could allow r
 CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access 
resource ...)
        NOT-FOR-US: QNAP
 CVE-2021-28809 (An improper access control vulnerability has been reported to 
affect c ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2021-28808
        RESERVED
 CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been 
reported to ...)
@@ -33135,7 +33136,7 @@ CVE-2021-22235
 CVE-2021-22234
        RESERVED
 CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 
13.10 an ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-22232 (HTML injection was possible via the full name field before 
versions 13 ...)
        - gitlab <unfixed>
 CVE-2021-22231 (A denial of service in user's profile page is found starting 
with GitL ...)
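
Review bot: The new line for CVE-2021-22233, "- gitlab <not-affected> (Specific to EE)", has no NOTE backing the reason, and the visible description is truncated after "GitLab EE versions 13.10 an ...". A NOTE pointing at the upstream issue or advisory that confines the problem to the EE code would let someone re-verify the not-affected status later without redoing the triage.
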



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d15a2c1d8ab1ef0f09b648572c827bf617b50932...d4701e73b6524274b03e755215e6a02254220c55
