[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 13 21:10:31 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8300fe2 by security tracker role at 2018-08-13T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -330,20 +330,20 @@ CVE-2018-15147
RESERVED
CVE-2018-15146
RESERVED
-CVE-2018-15145
- RESERVED
-CVE-2018-15144
- RESERVED
-CVE-2018-15143
- RESERVED
-CVE-2018-15142
- RESERVED
-CVE-2018-15141
- RESERVED
-CVE-2018-15140
- RESERVED
-CVE-2018-15139
- RESERVED
+CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
+ TODO: check
+CVE-2018-15144 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2018-15143 (Multiple SQL injection vulnerabilities in ...)
+ TODO: check
+CVE-2018-15142 (Directory traversal in portal/import_template.php in versions of ...)
+ TODO: check
+CVE-2018-15141 (Directory traversal in portal/import_template.php in versions of ...)
+ TODO: check
+CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of ...)
+ TODO: check
+CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in ...)
+ TODO: check
CVE-2018-15138
RESERVED
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
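Review bot: CVE-2018-15142, CVE-2018-15141 and CVE-2018-15140 are added with the same truncated description (directory traversal in portal/import_template.php), so the list text alone cannot tell them apart. Triage the three together against the full descriptions so they end up with one consistent disposition, and do the same for CVE-2018-15145 and CVE-2018-15143, whose "Multiple SQL injection vulnerabilities in ..." summaries also match. All seven new entries are still at "TODO: check".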
@@ -896,8 +896,8 @@ CVE-2018-XXXX [Default KeyInfo resolver doesn't check for empty element content.
[jessie] - xml-security-c 1.7.2-3+deb8u1
NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt
-CVE-2018-14878
- RESERVED
+CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 ...)
+ TODO: check
CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
NOT-FOR-US: WeaselCMS
CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
@@ -959,12 +959,10 @@ CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5
- php5 <removed>
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557
-CVE-2018-14850
- RESERVED
+CVE-2018-14850 (Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow ...)
- tikiwiki <removed>
NOTE: https://sourceforge.net/p/tikiwiki/code/66990
-CVE-2018-14849
- RESERVED
+CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related ...)
- tikiwiki <removed>
NOTE: https://sourceforge.net/p/tikiwiki/code/66809
CVE-2018-14848
@@ -2106,6 +2104,7 @@ CVE-2016-10727 (camel/providers/imapx/camel-imapx-server.c in the IMAPx componen
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
CVE-2018-14424 [use-after-free of disposed transient displays]
RESERVED
+ {DSA-4270-1}
- gdm3 3.28.2-4
NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
@@ -4480,12 +4479,12 @@ CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a memory
NOTE: https://github.com/erikd/libsndfile/issues/398
CVE-2018-13418
RESERVED
-CVE-2018-13417
- RESERVED
+CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for ...)
+ TODO: check
CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for ...)
NOT-FOR-US: Universal Media Server
-CVE-2018-13415
- RESERVED
+CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP ...)
+ TODO: check
CVE-2018-13414
RESERVED
CVE-2018-13413
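Review bot: CVE-2018-13417 (Vuze) and CVE-2018-13415 (Plex Media Server) are left at "TODO: check", while CVE-2018-13416 between them carries the same "XML parsing engine for ..." wording and is already marked NOT-FOR-US. When resolving the two TODOs, confirm for each product whether it is packaged rather than copying the neighbouring disposition, since the three entries name different software.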
@@ -4509,7 +4508,7 @@ CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in ...)
- linux 4.17.6-1
NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713
CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel through ...)
- {DSA-4266-1}
+ {DSA-4266-1 DLA-1466-1}
- linux 4.17.6-1
NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
@@ -4537,8 +4536,8 @@ CVE-2018-13394
RESERVED
CVE-2018-13393
RESERVED
-CVE-2018-13392
- RESERVED
+CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version ...)
+ TODO: check
CVE-2018-13391
RESERVED
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
@@ -6542,8 +6541,8 @@ CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary co
NOT-FOR-US: Polaris Office
CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP)
-CVE-2018-12587
- RESERVED
+CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in valeuraddons ...)
+ TODO: check
CVE-2018-12586
RESERVED
CVE-2018-12585
@@ -8678,8 +8677,7 @@ CVE-2018-11772
RESERVED
CVE-2018-11771
RESERVED
-CVE-2018-11770
- RESERVED
+CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a ...)
NOT-FOR-US: Apache Spark
CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database ...)
- couchdb <removed>
@@ -11197,8 +11195,7 @@ CVE-2018-10866
CVE-2018-10865
RESERVED
NOT-FOR-US: Red Hat Certification
-CVE-2018-10864
- RESERVED
+CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10863
RESERVED
@@ -11274,8 +11271,7 @@ CVE-2018-10844
RESERVED
CVE-2018-10843 (source-to-image component of Openshift Container Platform before ...)
NOT-FOR-US: source-to-image in OpenShift
-CVE-2018-10842
- RESERVED
+CVE-2018-10842 (It was found that an authenticated user could manipulate user session ...)
NOT-FOR-US: Keycloak
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server ...)
- glusterfs 4.1.2-1 (bug #901968)
@@ -11953,8 +11949,8 @@ CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in
NOT-FOR-US: OpenEMR
CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
NOT-FOR-US: Frog CMS
-CVE-2018-10569
- RESERVED
+CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before version ...)
+ TODO: check
CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
NOT-FOR-US: Flexense DiskSorter Enterprise
CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
@@ -23386,8 +23382,8 @@ CVE-2018-6416
RESERVED
CVE-2018-6415
RESERVED
-CVE-2018-6414
- RESERVED
+CVE-2018-6414 (A buffer overflow vulnerability in the web server of some Hikvision IP ...)
+ TODO: check
CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of ...)
NOT-FOR-US: Hikvision Camera DS-2CD9111-S
CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...)
@@ -25259,10 +25255,10 @@ CVE-2018-5927
RESERVED
CVE-2018-5926
RESERVED
-CVE-2018-5925
- RESERVED
-CVE-2018-5924
- RESERVED
+CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet ...)
+ TODO: check
+CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet ...)
+ TODO: check
CVE-2018-5923
RESERVED
CVE-2018-5922
@@ -26669,7 +26665,7 @@ CVE-2018-5392 [mingw-w64 by default produces executables that opt in to ASLR, bu
CVE-2018-5391
RESERVED
CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive calls ...)
- {DSA-4266-1}
+ {DSA-4266-1 DLA-1466-1}
- linux 4.17.14-1 (bug #905751)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.kb.cert.org/vuls/id/962459
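Review bot: on CVE-2018-5390 the new DLA-1466-1 cross-reference sits directly above "[jessie] - linux <not-affected> (Vulnerable code introduced later)", and no other package line is visible for this entry. If the DLA fixes a source package other than linux, that package needs its own line here; as the entry reads now, the advisory reference and the not-affected annotation point in opposite directions.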
@@ -30938,11 +30934,11 @@ CVE-2018-3784
CVE-2018-3783
RESERVED
CVE-2018-3782
- RESERVED
-CVE-2018-3781
- RESERVED
-CVE-2018-3780
- RESERVED
+ REJECTED
+CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in ...)
+ TODO: check
+CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in ...)
+ TODO: check
CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
NOT-FOR-US: Trojaned gem release
CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish a LWT in ...)
@@ -38193,7 +38189,7 @@ CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to
NOT-FOR-US: Spring Security OAuth
CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...)
NOT-FOR-US: Spring Data Commons
-CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...)
+CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any ...)
- libspring-security-2.0-java <removed>
NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
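Review bot: the replacement description for CVE-2018-1258 now leads with "Spring Framework version 5.0.5", where the old one led with "Spring Security in combination with Spring Framework versions prior to ...", yet the only package annotation is still "- libspring-security-2.0-java <removed>". Re-check the entry against the full description and the pivotal.io note to see whether a Spring Framework source package should be tracked as well.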
@@ -40581,8 +40577,8 @@ CVE-2018-0716
RESERVED
CVE-2018-0715
RESERVED
-CVE-2018-0714
- RESERVED
+CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and ...)
+ TODO: check
CVE-2018-0713
RESERVED
CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...)
@@ -47950,8 +47946,7 @@ CVE-2017-15140
RESERVED
CVE-2017-15139
RESERVED
-CVE-2017-15138
- RESERVED
+CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook tokens which ...)
NOT-FOR-US: atomic-openshift
CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions ...)
NOT-FOR-US: atomic-openshift
@@ -57348,43 +57343,43 @@ CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ..
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
CVE-2017-12101 (An exploitable integer overflow exists in the ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
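Review bot: every blender entry touched here keeps the line "[wheezy] - blender <ignored> (Vulnerable but not ignored)", whose comment contradicts the <ignored> state it annotates. Since this update adds DLA-1465-1 to all of these entries, it is a good moment to correct that comment in one pass; the same line recurs in the later blender hunks (CVE-2017-12086, CVE-2017-12082, CVE-2017-12081 and the CVE-2017-29xx group).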
@@ -57420,7 +57415,7 @@ CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvc
NOTE: Debian build uses Avahi instead
NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
CVE-2017-12086 (An exploitable integer overflow exists in the ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -57432,13 +57427,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
NOT-FOR-US: Circle with Disney
CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -71472,8 +71467,7 @@ CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary f
- rpm <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
-CVE-2017-7500 [Following symlinks to directories when installing packages allows privilege escalation]
- RESERVED
+CVE-2017-7500 (It was found that rpm did not properly handle RPM installations when a ...)
- rpm <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
@@ -85799,7 +85793,7 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -85827,62 +85821,62 @@ CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...)
[wheezy] - smplayer <not-affected> (Vulnerable code not present)
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
- {DSA-4248-1}
+ {DSA-4248-1 DLA-1465-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -88550,8 +88544,8 @@ CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is
NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
NOT-FOR-US: IBM Jazz Reporting Service
-CVE-2017-1749
- RESERVED
+CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...)
+ TODO: check
CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...)
@@ -89476,8 +89470,8 @@ CVE-2017-1288
RESERVED
CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct ...)
NOT-FOR-US: IBM
-CVE-2017-1286
- RESERVED
+CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode ...)
+ TODO: check
CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...)
NOT-FOR-US: IBM
CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
@@ -113838,8 +113832,8 @@ CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting,
NOT-FOR-US: IBM
CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty ...)
NOT-FOR-US: IBM
-CVE-2016-2922
- RESERVED
+CVE-2016-2922 (IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 ...)
+ TODO: check
CVE-2016-2921
RESERVED
CVE-2016-2920
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f8300fe274f20f7152ca7a1f8461b70d7872e0bc