[Secure-testing-team] Bug#890412: CVE-2017-10689

Source: puppet Severity: important Tags: security Hi, please see https://puppet.com/security/cve/CVE-2017-10689 Report is here: https://tickets.puppetlabs.com/browse/PUP-7866 Patch is here: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee Cheers,

[Secure-testing-team] Bug#890450: freetype: CVE-2018-6942: NULL pointer dereference in the Ins_GETVARIATION() function

Source: freetype Version: 2.8.1-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for freetype. CVE-2018-6942[0]: | An issue was discovered in FreeType 2 through 2.9. A NULL pointer | dereference in the Ins_GETVARIATION() function within ttinterp.c

[Secure-testing-team] Bug#890441: tiff: CVE-2018-5784: Uncontrolled resource consumption in TIFFSetDirectory

Source: tiff Version: 4.0.9-1 Severity: important Tags: patch security upstream Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2772 Hi, the following vulnerability was published for tiff. CVE-2018-5784[0]: | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the |

[Secure-testing-team] Bug#890440: puppet: CVE-2017-10690

Source: puppet Version: 5.1.0-1 Severity: important Tags: security upstream Forwarded: https://tickets.puppetlabs.com/browse/PUP-8225 Hi, the following vulnerability was published for puppet. CVE-2017-10690[0]: | In previous versions of Puppet Agent it was possible for the agent to | retrieve