[Git][security-tracker-team/security-tracker][master] Review old XMP Toolkit SDK NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Fri May 6 09:20:15 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60280f60 by Neil Williams at 2022-05-06T09:19:57+01:00
Review old XMP Toolkit SDK NFUs
exempi is a port of Adobe XMP SDK to work on UNIX.
2.6.0 updated the Adobe SDK from 2016.07 through to 2021.10
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37683,6 +37683,7 @@ CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a s
- exempi 2.6.0-1
NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
TODO: check for fixing commit
CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
- exempi 2.6.0-1
@@ -43422,7 +43423,11 @@ CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memor
CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
NOT-FOR-US: Adobe
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
NOT-FOR-US: Adobe
CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
@@ -43454,7 +43459,11 @@ CVE-2021-40718
CVE-2021-40717
RESERVED
CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
NOT-FOR-US: Adobe
CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
@@ -45619,7 +45628,11 @@ CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
CVE-2021-39848
RESERVED
CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
@@ -55161,7 +55174,11 @@ CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and e
CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
NOT-FOR-US: Adobe
CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
NOT-FOR-US: Adobe
CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
@@ -55173,33 +55190,85 @@ CVE-2021-36060
CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
- NOT-FOR-US: Adobe
+ - exempi 2.6.0-1
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+ TODO: check for fixing commit
CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
NOT-FOR-US: Magento
CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
@@ -357901,7 +357970,7 @@ CVE-2016-4218 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before
CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0 ...)
NOT-FOR-US: Adobe
CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attac ...)
- NOT-FOR-US: Adobe
+ NOT-FOR-US: Adobe XMP Toolkit for Java
CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
NOT-FOR-US: Adobe
CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60280f6027d780cdaa322f1b2b499980e6c4a6cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60280f6027d780cdaa322f1b2b499980e6c4a6cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220506/4ecebbbe/attachment.htm>
More information about the debian-security-tracker-commits
mailing list