[Git][security-tracker-team/security-tracker][master] Record new blender issues

Salvatore Bonaccorso carnil at debian.org
Thu Apr 26 07:33:41 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59d85956 by Salvatore Bonaccorso at 2018-04-26T08:33:26+02:00
Record new blender issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43450,7 +43450,9 @@ CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ..
 CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
 CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...)
 	TODO: check
 CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...)
@@ -43458,11 +43460,17 @@ CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blend
 CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...)
 	TODO: check
 CVE-2017-12101 (An exploitable integer overflow exists in the ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
 CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
 CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
 CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
 	- ruby-rails-admin <unfixed>
 	[stretch] - ruby-rails-admin <no-dsa> (Minor issue)
@@ -43502,9 +43510,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality 
 CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
 CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
 CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d8595660061252d77636b8af27863e17795e89

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/59d8595660061252d77636b8af27863e17795e89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180426/7b8a3864/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list