[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 3 21:10:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34c171c7 by security tracker role at 2021-07-03T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -540,6 +540,7 @@ CVE-2021-35942 [Wild read in wordexp (parse_param)]
CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
NOT-FOR-US: Western Digital
CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
+ {DLA-2702-1}
- djvulibre 3.5.27.1-12
NOTE: https://sourceforge.net/p/djvu/bugs/302/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
@@ -3256,6 +3257,7 @@ CVE-2021-34675
RESERVED
CVE-2021-3598
RESERVED
+ {DLA-2701-1}
- openexr <unfixed> (bug #990450)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
@@ -10667,12 +10669,14 @@ CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
NOTE: Only affects exrcheck, which isn't built into the binary packages
CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
- openexr <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
- openexr <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
@@ -15249,6 +15253,7 @@ CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL p
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
@@ -15256,6 +15261,7 @@ CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in version
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
@@ -15264,6 +15270,7 @@ CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a
NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1
CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
@@ -15846,18 +15853,21 @@ CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNa
NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
NOTE: https://issues.apache.org/jira/browse/IO-556
CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
@@ -38705,6 +38715,7 @@ CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Se
NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
+ {DLA-2701-1}
- openexr <unfixed> (bug #986796)
[bullseye] - openexr <no-dsa> (Minor issue)
[buster] - openexr <no-dsa> (Minor issue)
@@ -74653,6 +74664,7 @@ CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Founda
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
+ {DLA-2701-1}
- openexr 2.5.3-2
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34c171c711c3de69ccb7f9f06952efb430b13862
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34c171c711c3de69ccb7f9f06952efb430b13862
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210703/fdb5c71e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list