[Git][security-tracker-team/security-tracker][master] Track more blender CVEs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 27 05:33:45 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48424ce7 by Salvatore Bonaccorso at 2018-04-27T06:33:26+02:00
Track more blender CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -72150,7 +72150,9 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i
 	- r-cran-readxl 1.0.0-2 (bug #895564)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
 CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: :https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
 CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore ...)
@@ -72177,23 +72179,42 @@ CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functiona
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
 CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
 CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
 CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
 CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
 CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
 	TODO: check
 CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
 CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
 CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
 CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
-	TODO: check
+	- blender 2.79.a+dfsg0-1
+	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
+	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
 CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48424ce71a44a8fc6440c611e092c913d5f496d8

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48424ce71a44a8fc6440c611e092c913d5f496d8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180427/e74070d5/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list