[Git][security-tracker-team/security-tracker][master] 2 commits: openexr: add commit reference for 2.5
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 8 21:19:05 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89778b99 by Moritz Muehlenhoff at 2021-07-08T22:15:13+02:00
openexr: add commit reference for 2.5
- - - - -
d4701e73 by Moritz Muehlenhoff at 2021-07-08T22:18:46+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3500,7 +3500,8 @@ CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionalit
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
- NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5)
NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
CVE-2021-3597
RESERVED
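Review bot: The two fix references in the CVE-2021-3598 entry are labelled with branch names, "(master)" and "(2.5)", while the introducing commit is labelled with a release tag, "(v2.0.0)". A branch label does not say which release first carries the fix; once the fixed upstream releases are tagged, adding the tag next to each branch label would make the [buster] <no-dsa> line and any later fixed-version entry easier to verify.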
@@ -3627,17 +3628,17 @@ CVE-2021-34616
CVE-2021-34615
RESERVED
CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-34613
RESERVED
CVE-2021-34612
RESERVED
CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-34608
RESERVED
CVE-2021-34607
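Review bot: All four Aruba entries in this hunk get the vendor-only label "NOT-FOR-US: Aruba", although the description of CVE-2021-34609 names the product (Aruba ClearPass). Other entries in this file label by product (for example "NOT-FOR-US: Octopus Server"), so a product-level label would make later searches of the list more precise. The three command-execution descriptions are truncated after "discovered in A ...", so check each against the full CVE text before reusing the ClearPass name for them.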
@@ -4054,7 +4055,7 @@ CVE-2021-34432
CVE-2021-34431
RESERVED
CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
- TODO: check
+ NOT-FOR-US: Eclipse TinyDTLS
CVE-2021-34429
RESERVED
CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
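Review bot: CVE-2021-34430 is marked "NOT-FOR-US: Eclipse TinyDTLS", but the description concerns a library's reliance on the C rand function, and a library can be present as an embedded copy inside other source packages. If the archive sources were searched for embedded TinyDTLS code, a NOTE line recording that would justify the NFU; if not, that search is worth doing before the TODO is closed.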
@@ -4738,7 +4739,7 @@ CVE-2021-34112
CVE-2021-34111
RESERVED
CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
- TODO: check
+ NOT-FOR-US: WinWaste.NET
CVE-2021-34109
RESERVED
CVE-2021-34108
@@ -8406,7 +8407,7 @@ CVE-2021-32539 (Add event in calendar function in the 101EIP system does not fil
CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...)
NOT-FOR-US: ARTWARE CMS
CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
NOT-FOR-US: MCUsystem
CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...)
@@ -8599,9 +8600,9 @@ CVE-2021-32464
CVE-2021-32463
RESERVED
CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
NOT-FOR-US: Trend Micro
CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
@@ -10210,9 +10211,9 @@ CVE-2021-31819
CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
NOT-FOR-US: Octopus Server
CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2019-25042 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via ...)
{DLA-2652-1}
- unbound 1.9.6-1
@@ -15366,7 +15367,7 @@ CVE-2021-29713
CVE-2021-29712
RESERVED
CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29710
RESERVED
CVE-2021-29709
@@ -16825,11 +16826,11 @@ CVE-2021-3465
CVE-2021-29153
RESERVED
CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2021-29149
RESERVED
CVE-2021-29148
@@ -17650,7 +17651,7 @@ CVE-2021-28811 (If exploited, this command injection vulnerability could allow r
CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...)
NOT-FOR-US: QNAP
CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28808
RESERVED
CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...)
@@ -33135,7 +33136,7 @@ CVE-2021-22235
CVE-2021-22234
RESERVED
CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
- gitlab <unfixed>
CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...)
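Review bot: The CVE-2021-22233 change is not an NFU: it records "- gitlab <not-affected> (Specific to EE)" against a source package the tracker follows, yet it lands in a commit titled "NFUs". Putting it in its own commit, or naming gitlab in the commit message, would keep the history searchable for that package. A NOTE line pointing at the upstream reference that confirms the EE-only scope would also help, since the description visible here is truncated.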
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d15a2c1d8ab1ef0f09b648572c827bf617b50932...d4701e73b6524274b03e755215e6a02254220c55