[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 18 09:10:28 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c118d59 by security tracker role at 2018-07-18T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...)
+ TODO: check
+CVE-2018-14378 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+ TODO: check
+CVE-2018-14377
+ RESERVED
+CVE-2018-14376
+ RESERVED
+CVE-2018-14375 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow ...)
+ TODO: check
+CVE-2018-14374 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+ TODO: check
+CVE-2018-14373 (An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in ...)
+ TODO: check
+CVE-2018-14372
+ RESERVED
+CVE-2018-14371
+ RESERVED
+CVE-2018-14370
+ RESERVED
+CVE-2018-14369
+ RESERVED
+CVE-2018-14368
+ RESERVED
+CVE-2018-14367
+ RESERVED
CVE-2018-14366
RESERVED
CVE-2018-14365
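Review bot: The five new entries that carry descriptions (CVE-2018-14379 for MP4v2 2.0.0, and CVE-2018-14378, CVE-2018-14375, CVE-2018-14374 and CVE-2018-14373 for LibTIFF 4.0.9) land with only `TODO: check`, so none is yet mapped to a source package or marked NOT-FOR-US. The four LibTIFF entries name the same upstream version and can be triaged together. Each needs a package line in the form used elsewhere in this file (`- <package> <version or status>`) before it says anything about Debian's exposure.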
@@ -2352,6 +2378,7 @@ CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...)
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
@@ -2362,6 +2389,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.3-1
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
@@ -3270,6 +3298,7 @@ CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An I
NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code ...)
+ {DSA-4250-1}
- wordpress 4.9.7+dfsg1-1 (bug #902876)
NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
NOTE: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
@@ -4472,6 +4501,7 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c
CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...)
+ {DSA-4249-1}
[experimental] - ffmpeg 7:4.0.1-1 (low)
- ffmpeg 7:3.4.3-1 (low)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
@@ -10963,6 +10993,7 @@ CVE-2018-10003
CVE-2018-10002
RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.3-1 (low)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
- libav <undetermined>
@@ -17145,6 +17176,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample
CVE-2018-7558
RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.3-1
- libav <removed>
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
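Review bot: The libav line under CVE-2018-7557 reads `- libav <removed>`, while other entries tagged `{DSA-4249-1}` in this patch (CVE-2018-13302, CVE-2018-13300, CVE-2018-6621, CVE-2018-6392) still read `- libav <undetermined>`. Two different states are recorded for the same package across one advisory's set of entries; check whether the `<undetermined>` lines can be resolved now that the ffmpeg side has a DSA.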
@@ -19985,7 +20017,7 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnera
NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer ...)
NOT-FOR-US: Sean Barrett stb_vorbis
-CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote ...)
+CVE-2018-1000049 (Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote ...)
NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 ...)
NOT-FOR-US: NASA RtRetrievalFramework
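Review bot: The `NOT-FOR-US: nanopool Claymore Dual Miner` line under CVE-2018-1000049 keeps the lower-case spelling, while the updated description above it now reads "Nanopool". This has no triage impact, but align the casing if the NOT-FOR-US label is meant to follow the description text.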
@@ -20118,6 +20150,7 @@ CVE-2017-18124
CVE-2018-6622
RESERVED
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.2-1 (low)
- libav <undetermined>
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
@@ -20892,6 +20925,7 @@ CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! v
CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
NOT-FOR-US: FreePBX
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
+ {DSA-4249-1}
- ffmpeg 7:3.4.2-1
- libav <undetermined>
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
@@ -35164,6 +35198,7 @@ CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send careful
CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
NOT-FOR-US: Apache Spark
CVE-2018-1333 [Apache HTTP Server HTTP/2 DoS]
+ REJECTED
- apache2 <unfixed>
NOTE: Affects 2.4.18-2.4.33
NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
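Review bot: The added `REJECTED` line under CVE-2018-1333 contradicts the rest of the entry it is attached to. The entry still carries `- apache2 <unfixed>`, an affected range (`2.4.18-2.4.33`) and an oss-security reference dated 2018/07/18, the day of this commit. Verify the rejection against the CVE record. If it is genuine, the package line and NOTEs need revisiting; if not, drop the `REJECTED` line so the open apache2 issue keeps its status.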
@@ -54595,36 +54630,43 @@ CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ..
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
CVE-2017-12101 (An exploitable integer overflow exists in the ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
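Review bot: In every blender entry tagged in this hunk, the context line `[wheezy] - blender <ignored> (Vulnerable but not ignored)` carries a comment that contradicts its own `<ignored>` state. As the entries are being touched to add `{DSA-4248-1}`, reword the comment to say what was intended. The same text repeats in the later blender hunks of this patch.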
@@ -54660,6 +54702,7 @@ CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvc
NOTE: Debian build uses Avahi instead
NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
CVE-2017-12086 (An exploitable integer overflow exists in the ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -54671,11 +54714,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
NOT-FOR-US: Circle with Disney
CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -83033,6 +83078,7 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -83060,52 +83106,62 @@ CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...)
[wheezy] - smplayer <not-affected> (Vulnerable code not present)
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
+ {DSA-4248-1}
- blender 2.79.a+dfsg0-1
[wheezy] - blender <ignored> (Vulnerable but not ignored)
NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c118d59cfc2e39ec69a34d4b87e79f0c557c71d