[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new r-cran-readxl issues

Moritz Muehlenhoff Thu, 12 Apr 2018 11:51:37 -0700

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
064fef0c by Moritz Muehlenhoff at 2018-04-12T20:50:40+02:00
new r-cran-readxl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -42226,9 +42226,11 @@ CVE-2017-12113 (An exploitable improper authorization 
vulnerability exists in ..
 CVE-2017-12112 (An exploitable improper authorization vulnerability exists in 
...)
        - cpp-ethereum <itp> (bug #860434)
 CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the 
xls_addCell ...)
-       TODO: check, libxls is not packaged in Debian, but embedded in 
r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #895564)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
 CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the 
...)
-       TODO: check, libxls is not packaged in Debian, but embedded in 
r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #895564)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
 CVE-2017-12109
        RESERVED
 CVE-2017-12108
@@ -70790,7 +70792,8 @@ CVE-2017-2921 (An exploitable memory corruption 
vulnerability exists in the Webs
 CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing 
...)
        NOT-FOR-US: Computerinsel Photoline
 CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists 
in the ...)
-       TODO: check, libxls is not packaged in Debian, but embedded in 
r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #895564)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
 CVE-2017-2918
        RESERVED
 CVE-2017-2917 (An exploitable vulnerability exists in the notifications 
functionality ...)
@@ -70835,9 +70838,11 @@ CVE-2017-2899
 CVE-2017-2898 (An exploitable vulnerability exists in the signature 
verification of ...)
        NOT-FOR-US: Circle with Disney
 CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the 
...)
-       TODO: check, libxls is not packaged in Debian, but embedded in 
r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #895564)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
 CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the 
...)
-       TODO: check, libxls is not packaged in Debian, but embedded in 
r-cran-readxl
+       - r-cran-readxl <unfixed> (bug #895564)
+       NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
 CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in 
the MQTT ...)
        NOT-FOR-US: Cesanta Mongoose
        TODO: check smplayer, embeds it



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/064fef0cae91a3ce8d0ce4d5d15af8216b0ab562

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/064fef0cae91a3ce8d0ce4d5d15af8216b0ab562
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new r-cran-readxl issues

Reply via email to