[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jul 18 09:10:28 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c118d59 by security tracker role at 2018-07-18T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,29 @@
+CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the ...)
+	TODO: check
+CVE-2018-14378 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+	TODO: check
+CVE-2018-14377
+	RESERVED
+CVE-2018-14376
+	RESERVED
+CVE-2018-14375 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow ...)
+	TODO: check
+CVE-2018-14374 (An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur ...)
+	TODO: check
+CVE-2018-14373 (An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in ...)
+	TODO: check
+CVE-2018-14372
+	RESERVED
+CVE-2018-14371
+	RESERVED
+CVE-2018-14370
+	RESERVED
+CVE-2018-14369
+	RESERVED
+CVE-2018-14368
+	RESERVED
+CVE-2018-14367
+	RESERVED
 CVE-2018-14366
 	RESERVED
 CVE-2018-14365
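Review bot: the five new entries that already have descriptions (CVE-2018-14379 for MP4v2, and CVE-2018-14378, CVE-2018-14375, CVE-2018-14374 and CVE-2018-14373 for LibTIFF 4.0.9) are left at "TODO: check". Each needs triage to a source-package line or a NOT-FOR-US marker; the four LibTIFF 4.0.9 entries can be triaged together.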
@@ -2352,6 +2378,7 @@ CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to ...)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
 CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.3-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
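Review bot: CVE-2018-13302 gains {DSA-4249-1} while "- libav <undetermined>" on the same entry stays unresolved, and the same applies to most of the other FFmpeg entries tagged in this commit. Settle the libav status (a fixed version, <not-affected> or <removed>) so the entry does not read as half-triaged once an advisory is attached.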
@@ -2362,6 +2389,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
 CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.3-1
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
@@ -3270,6 +3298,7 @@ CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An I
 	NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
 	NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
 CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code ...)
+	{DSA-4250-1}
 	- wordpress 4.9.7+dfsg1-1 (bug #902876)
 	NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
 	NOTE: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
@@ -4472,6 +4501,7 @@ CVE-2018-12459 (An inconsistent bits-per-sample value in the ...)
 	[stretch] - ffmpeg <postponed> (Can be fixed when new 3.2.x release fixes it)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c
 CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in ...)
+	{DSA-4249-1}
 	[experimental] - ffmpeg 7:4.0.1-1 (low)
 	- ffmpeg 7:3.4.3-1 (low)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
@@ -10963,6 +10993,7 @@ CVE-2018-10003
 CVE-2018-10002
 	RESERVED
 CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.3-1 (low)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
 	- libav <undetermined>
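Review bot: in the CVE-2018-10001 entry the NOTE line sits between the "- ffmpeg" and "- libav" package lines, and it points at http://git.videolan.org over plain HTTP, whereas the neighbouring entries list package lines first and reference https://git.ffmpeg.org. Move the NOTE below the package lines and use the HTTPS reference form for consistency.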
@@ -17145,6 +17176,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample 
 CVE-2018-7558
 	RESERVED
 CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.3-1
 	- libav <removed>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
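Review bot: CVE-2018-7557 records "- libav <removed>", but CVE-2018-10001, whose visible description names the same function (decode_init in libavcodec/utvideodec.c), records "- libav <undetermined>". The two libav states should agree, or a NOTE should explain why they differ.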
@@ -19985,7 +20017,7 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnera
 	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
 CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer ...)
 	NOT-FOR-US: Sean Barrett stb_vorbis
-CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote ...)
+CVE-2018-1000049 (Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote ...)
 	NOT-FOR-US: nanopool Claymore Dual Miner
 CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 ...)
 	NOT-FOR-US: NASA RtRetrievalFramework
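Review bot: the CVE-2018-1000049 description now reads "Nanopool", but the NOT-FOR-US line under it still reads "nanopool Claymore Dual Miner". Align the spelling if the marker text is meant to follow the vendor name; otherwise no action is needed.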
@@ -20118,6 +20150,7 @@ CVE-2017-18124
 CVE-2018-6622
 	RESERVED
 CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.2-1 (low)
 	- libav <undetermined>
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
@@ -20892,6 +20925,7 @@ CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! v
 CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
 	NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
+	{DSA-4249-1}
 	- ffmpeg 7:3.4.2-1
 	- libav <undetermined>
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
@@ -35164,6 +35198,7 @@ CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send careful
 CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
 	NOT-FOR-US: Apache Spark
 CVE-2018-1333 [Apache HTTP Server HTTP/2 DoS]
+	REJECTED
 	- apache2 <unfixed>
 	NOTE: Affects 2.4.18-2.4.33
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
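Review bot: CVE-2018-1333 is marked REJECTED while the entry still carries "- apache2 <unfixed>", "Affects 2.4.18-2.4.33" and an oss-security reference dated 2018/07/18, so the entry contradicts itself. The bracketed description suggests hand-maintained data that the automatic update should not override; confirm the ID's status and drop either the REJECTED line or the package line.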
@@ -54595,36 +54630,43 @@ CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ..
 CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
 CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
 CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
 CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
 CVE-2017-12101 (An exploitable integer overflow exists in the ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
 CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
 CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
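Review bot: every "[wheezy] - blender <ignored> (Vulnerable but not ignored)" context line in this hunk contradicts itself, since the state is <ignored> and the reason says "not ignored". Now that these entries are cross-referenced to DSA-4248-1, reword the reason so it states why wheezy is ignored; the same line recurs in the later Blender hunks.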
@@ -54660,6 +54702,7 @@ CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvc
 	NOTE: Debian build uses Avahi instead
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
 CVE-2017-12086 (An exploitable integer overflow exists in the ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -54671,11 +54714,13 @@ CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality 
 CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
 	NOT-FOR-US: Circle with Disney
 CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
 CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
@@ -83033,6 +83078,7 @@ CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists i
 	- r-cran-readxl 1.0.0-2 (bug #895564)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
 CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
@@ -83060,52 +83106,62 @@ CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...)
 	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
 	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
 CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
 CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
 CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
 CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
 CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
 CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
 CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
 CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
 CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
 CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
+	{DSA-4248-1}
 	- blender 2.79.a+dfsg0-1
 	[wheezy] - blender <ignored> (Vulnerable but not ignored)
 	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c118d59cfc2e39ec69a34d4b87e79f0c557c71d
