[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new r-cran-readxl issues
Moritz Muehlenhoff
jmm at debian.org
Thu Apr 12 19:51:13 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
064fef0c by Moritz Muehlenhoff at 2018-04-12T20:50:40+02:00
new r-cran-readxl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -42226,9 +42226,11 @@ CVE-2017-12113 (An exploitable improper authorization vulnerability exists in ..
CVE-2017-12112 (An exploitable improper authorization vulnerability exists in ...)
- cpp-ethereum <itp> (bug #860434)
CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...)
- TODO: check, libxls is not packaged in Debian, but embedded in r-cran-readxl
+ - r-cran-readxl <unfixed> (bug #895564)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
- TODO: check, libxls is not packaged in Debian, but embedded in r-cran-readxl
+ - r-cran-readxl <unfixed> (bug #895564)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109
RESERVED
CVE-2017-12108
@@ -70790,7 +70792,8 @@ CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Webs
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
- TODO: check, libxls is not packaged in Debian, but embedded in r-cran-readxl
+ - r-cran-readxl <unfixed> (bug #895564)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918
RESERVED
CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
@@ -70835,9 +70838,11 @@ CVE-2017-2899
CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...)
- TODO: check, libxls is not packaged in Debian, but embedded in r-cran-readxl
+ - r-cran-readxl <unfixed> (bug #895564)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...)
- TODO: check, libxls is not packaged in Debian, but embedded in r-cran-readxl
+ - r-cran-readxl <unfixed> (bug #895564)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
NOT-FOR-US: Cesanta Mongoose
TODO: check smplayer, embeds it
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/064fef0cae91a3ce8d0ce4d5d15af8216b0ab562
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/064fef0cae91a3ce8d0ce4d5d15af8216b0ab562
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180412/66dd7e86/attachment.html>
More information about the debian-security-tracker-commits
mailing list